security: Signed malware impersonating workplace apps deploys RMM backdoors
Microsoft Security Blog
2026-03-03
Microsoft reports malware signed with a stolen EV certificate that masquerades as workplace apps and installs legitimate remote monitoring and management (RMM) tools to maintain persistent enterprise access.