Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online
The Rhysida ransomware gang is exploiting Microsoft’s trusted signing system to distribute its OysterLoader malware through fake search ads, bypassing security defenses by using digitally signed files that appear legitimate. This tactic, combined with obfuscation techniques, allows the malware to gain initial access and establish persistence. It also complicates detection and investigations for defenders, who must now treat signed files with suspicion and focus on behavioral analytics.