security: Signed malware impersonating workplace apps deploys RMM backdoors
Microsoft Security Blog
2026-03-03
Signed malware using a stolen EV code-signing certificate impersonated workplace apps to install legitimate remote monitoring and management (RMM) tools for persistent enterprise access. The post advises tightening certificate controls and monitoring RMM tool usage to reduce risk.