Google identifies Threat Actors using new tricks with Code Signing

Google’s Threat Analysis Group found that threat actors have recently used a new code-signing trick to avoid detection on Windows systems, and it has notified Microsoft of its findings. OpenSUpdater operations had used legitimate code-signing certificates. The hackers used an invalid signature, edited so that an End of Content marker replaced a NULL tag. While some security products detect this as invalid, Windows operating systems treated the signatures as valid. https://www.securityweek.com/google-says-threat-actors-using-new-code-signing-tricks-evade-detection
Submitted by Eileen Buckholtz on
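
A defender-side check for the anomaly described above, added here as an example and not taken from the article or from Google's report: DER, the ASN.1 encoding used for X.509 certificates, only allows definite lengths, so an End of Content tag (`00 00`) found while walking such a structure marks a malformed blob. The sample bytes are constructed, placing the marker in an AlgorithmIdentifier parameters field is an assumption made for illustration, and `read_header`, `find_eoc` and `wrap` are hypothetical names.

```python
# Added example (not from the article): flag End-of-Content (EOC) octets inside
# definite-length DER, where an ASN.1 NULL (05 00) would normally sit.
EOC_TAG, NULL_TAG = 0x00, 0x05

def read_header(buf, pos, end):
    """Parse one TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError(f"truncated TLV header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"multi-byte tag at offset {pos} is not handled")
    if first < 0x80:                       # short-form length
        length, start = first, pos + 2
    elif first == 0x80:                    # indefinite length is BER only, never DER
        raise ValueError(f"indefinite length at offset {pos}")
    else:                                  # long-form length: next n bytes, big-endian
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    if start + length > end:
        raise ValueError(f"TLV at offset {pos} overruns its parent")
    return tag, start, start + length

def find_eoc(buf, pos=0, end=None, depth=0):
    """Return [(offset, depth)] for every EOC tag in a definite-length tree."""
    end = len(buf) if end is None else end
    hits = []
    while pos < end:
        tag, start, stop = read_header(buf, pos, end)
        if tag == EOC_TAG:
            hits.append((pos, depth))      # EOC has no place in definite-length DER
        elif tag & 0x20:                   # constructed type: walk its children
            hits += find_eoc(buf, start, stop, depth + 1)
        pos = stop
    return hits

# Constructed sample: SEQUENCE { SEQUENCE { OID sha256WithRSAEncryption, params } }
OID = bytes.fromhex("06092a864886f70d01010b")

def wrap(params):
    inner = OID + params
    inner = b"\x30" + bytes([len(inner)]) + inner
    return b"\x30" + bytes([len(inner)]) + inner

GOOD = wrap(bytes([NULL_TAG, 0x00]))       # well-formed: parameters are NULL
TAMPERED = wrap(bytes([EOC_TAG, 0x00]))    # assumed anomaly: EOC where NULL belongs

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, find_eoc(blob))
```

To run it against a real file, extract the DER-encoded signature blob first and pass its bytes to `find_eoc`; any non-empty result is worth triaging regardless of what the operating system's signature check reports.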