Malware executables are being increasingly code-signed with three-day certificates using the Microsoft Trusted Signing service as threat actors seek to establish legitimacy and prevent thwarting by security systems, according to BleepingComputer.
With the usage of the service enabling validation of executables until the revocation of certificates, such a scheme has already been leveraged in Crazy Evil Traffers and Lumma Stealer attack campaigns, noted BleepingComputer and other cybersecurity researchers. More malicious actors have switched to Microsoft's service for code-signing malware due to convenience following ambiguous changes to Extended Validation certificates, said cybersecurity researcher and developer Squiblydoo. "For a long time, using EV certificates has been the standard, but Microsoft has announced changes to EV certificates... However, due to these potential changes and lack of clarity, just having a code-signing certificate may be adequate for attacker needs," Squiblydoo said. Meanwhile, Microsoft has confirmed having invalidated and suspended malicious certificates and accounts, respectively.
The supermarket chain is tripling the number of stores utilizing facial recognition, expanding from over 55 current locations to a projected 200 by year-end.
The attack, which leveraged a deprecated OAuth flow called Resource Owner Password Credentials (ROPC), made over 81 million login attempts between June 12 and June 26, compromising at least 78 Microsoft accounts across 64 organizations.