Recorded Future’s Insikt Group recently reported that malicious actors are now using code-signing certificates to bypass security appliances.
It was previously believed that hackers merely steal and repurpose certificates from companies and developers. However, it seems that the high market prices that code-signing certificates fetch have enticed other hackers to sell them instead. Prices go as low as $299, with extended validation certificates, which go through a rigorous vetting process, as high as $1599.
Amit Serper, principal security researcher at Cybereason and Mac malware expert, says that it is impossible to execute a non-code-signed program on devices such as Apple's. It was further revealed that the hackers also had certificates for Comodo, Symantec and Thawte.