Google identifies Threat Actors using new tricks with Code Signing

Google’s Threat Analysis Group found that threat actors have recently used a new code-signing trick to avoid detection on Windows systems, and it has notified Microsoft of its findings. OpenSUpdater operations had used legitimate code-signing certificates. The hackers used an invalid signature, edited so that an End of Content marker replaced a NULL tag. While some security products detect this as invalid, Windows operating systems treated the signatures as valid.
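
A strict-parsing check for the malformation described above, as an added example (not code from Google or from this page): it walks DER data and reports any End of Content element, which DER never permits. The sample bytes are constructed, and placing the NULL inside an AlgorithmIdentifier is an assumption made for illustration, since the page does not say where the tag sat.

```python
# Added example: flag End-of-Content (EOC) elements in data that should be DER.
# EOC (tag 0x00, length 0x00) only terminates indefinite-length BER values,
# which DER forbids, so a strict DER parser rejects it wherever it appears.

def read_tlv(buf, pos):
    """Parse one element header; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not valid DER")
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, pos, pos + length

def find_eoc(buf, start=0, end=None):
    """Return offsets of every tag-0x00 element, descending into constructed types."""
    end = len(buf) if end is None else end
    hits, pos = [], start
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        if vend > end:
            raise ValueError("child element overruns its parent")
        if tag == 0x00:                   # reserved for EOC, never valid in DER
            hits.append(pos)
        elif tag & 0x20:                  # constructed: walk the children
            hits.extend(find_eoc(buf, vstart, vend))
        pos = vend
    return hits

# Constructed sample: AlgorithmIdentifier for sha256WithRSAEncryption.
OID = bytes.fromhex("06092a864886f70d01010b")
WELL_FORMED = b"\x30\x0d" + OID + b"\x05\x00"   # parameters = NULL
MALFORMED = b"\x30\x0d" + OID + b"\x00\x00"     # NULL replaced by EOC

if __name__ == "__main__":
    for name, blob in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, find_eoc(blob))
```

The walker does not descend into primitive OCTET STRING or BIT STRING wrappers, so nested structures inside them are not inspected.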