Finding leaked certificates, cracking their passwords, using them to sign malware, and reporting leaked certificates to certificate authorities. These are used to sign system apps on android builds, including the android app itself. Microsoft said it disrupted a vanilla tempest campaign in early october by revoking more than 200 certificates used by the cybercriminals to sign their malware
Finding and utilising leaked code signing certificates
According to the tech giant, the hackers signed fake microsoft teams setup files designed to install a backdoor named oyster, which in turn would enable them to deploy rhysida ransomware.
Here's how to defend against it.
Hackers and/or malicious insiders have leaked the platform certificates of several vendors
