"Google Says Threat Actors Using New Code Signing Tricks to Evade Detection"

Google’s Threat Analysis Group found that threat actors have recently used a new code-signing trick to avoid detection on Windows systems, and it has notified Microsoft of its findings. The OpenSUpdater operations had used legitimate code-signing certificates. The hackers used an invalid signature, edited so that an End of Content marker replaced a NULL tag. While some security products detect this as invalid, Windows operating systems treated the signatures as valid.
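A strict DER check for the malformation described above, as an added example that is not code from Google, Microsoft or SecurityWeek. It assumes the NULL in question is the parameters field of an AlgorithmIdentifier (`SEQUENCE { OID, NULL }`) and that the DER blob has already been extracted from the signed file; the function names and sample bytes are constructed for illustration.

```python
# Added example: flag an End-of-Content (EOC) element where DER expects NULL.
# Assumes single-byte tags and definite lengths, as in X.509 structures.
EOC, OID, SEQUENCE = 0x00, 0x06, 0x30

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length, not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element in [start, end)."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def find_eoc_parameters(buf, start=0, end=None):
    """Return hex OIDs of SEQUENCE { OID, EOC } elements found anywhere in buf."""
    hits = []
    end = len(buf) if end is None else end
    for tag, vs, ve in children(buf, start, end):
        if not tag & 0x20:                # primitive element: nothing nested
            continue
        kids = list(children(buf, vs, ve))
        if (tag == SEQUENCE and len(kids) == 2 and kids[0][0] == OID
                and kids[1][0] == EOC and kids[1][1] == kids[1][2]):
            hits.append(buf[kids[0][1]:kids[0][2]].hex())
        hits += find_eoc_parameters(buf, vs, ve)
    return hits

# Constructed samples: sha256WithRSAEncryption with NULL (05 00) vs EOC (00 00).
GOOD_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
BAD_ALG = bytes.fromhex("300d06092a864886f70d01010b0000")
WRAPPED = bytes([SEQUENCE, len(GOOD_ALG) + len(BAD_ALG)]) + GOOD_ALG + BAD_ALG

if __name__ == "__main__":
    print(find_eoc_parameters(WRAPPED))
```

A hit means the structure is not valid DER at that position, which is the kind of discrepancy a strict parser rejects and a lenient one may accept.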

SecurityWeek reports: "Google Says Threat Actors Using New Code Signing Tricks to Evade Detection"
