Cybercriminals are now exploiting stolen Extended Validation (EV) certificates to sign malware that masquerades as legitimate enterprise software, according to a new threat report. The attackers then deploy authentic remote monitoring and management (RMM) tools as hidden backdoors, blending malicious activity into trusted IT processes and evading detection.
This technique undermines certificate trust, since a valid EV signature is exactly what endpoint controls and users are taught to rely on, and it leverages genuine RMM applications for covert access. Businesses must treat code-signing certificates and the controls around them as highly sensitive, monitor all RMM activity for anomalies (unexpected users, hosts, or times), and raise staff awareness of unusual remote sessions or new application icons. Regular reviews of certificate and RMM policies are crucial, as criminals increasingly weaponise recognised IT support tools.
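As an added illustration of the two controls above (not code from the report or any vendor), the following Python triage scores process-start telemetry so that an EV signature alone earns no trust and RMM launches are judged against who is allowed to run them. Every policy value, publisher name, account and event below is a constructed placeholder.

```python
from dataclasses import dataclass

# Constructed policy (placeholder names). The RMM product IT actually deploys is
# pinned to its exact signer subject; an EV flag on its own earns no trust.
APPROVED_RMM = {"rmm_agent.exe": "CN=Example Remote Tools Ltd, O=Example Remote Tools Ltd, C=GB"}
APPROVED_PUBLISHERS = set(APPROVED_RMM.values()) | {"CN=Example Corp IT, O=Example Corp, C=GB"}
IT_ADMINS = {"itadmin", "helpdesk1"}  # accounts allowed to start remote sessions
CHANGE_WINDOW_HOURS = range(8, 19)    # hours when RMM installs and sessions are expected

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    hour: int              # local hour of day, 0-23
    image: str             # file name of the launched binary
    signer: str            # certificate subject reported by signature verification
    ev: bool               # certificate carries an EV policy, per the verifier
    newly_installed: bool  # first sighting of this image on this host

def assess(ev: ProcessEvent) -> list[str]:
    """Return anomaly tags for one event; an empty list means nothing to raise."""
    tags, name = [], ev.image.lower()
    if name in APPROVED_RMM:
        if ev.signer != APPROVED_RMM[name]:
            tags.append("rmm-unexpected-signer")
        if ev.user.lower() not in IT_ADMINS:
            tags.append("rmm-non-it-user")
        if ev.hour not in CHANGE_WINDOW_HOURS:
            tags.append("rmm-outside-change-window")
        if ev.newly_installed:
            tags.append("rmm-new-install")
    if ev.signer not in APPROVED_PUBLISHERS:
        # A stolen EV certificate verifies perfectly, so an unapproved EV publisher
        # is treated exactly like any other unknown signer, just tagged distinctly.
        tags.append("ev-unapproved-publisher" if ev.ev else "unapproved-publisher")
    return tags

def triage(events: list[ProcessEvent]) -> dict[str, list[str]]:
    """Map 'host/image' to its tags, keeping only events with findings."""
    return {f"{e.host}/{e.image}": t for e in events if (t := assess(e))}

# Constructed telemetry: one legitimate IT session, then an EV-signed lookalike
# RMM agent and an EV-signed dropper, both signed by a publisher IT never approved.
SIG_OK = APPROVED_RMM["rmm_agent.exe"]
SIG_OTHER = "CN=Unrelated Publisher Inc, O=Unrelated Publisher Inc, C=US"
SAMPLE_EVENTS = [
    ProcessEvent("ws-fin-07", "itadmin", 10, "rmm_agent.exe", SIG_OK, True, False),
    ProcessEvent("ws-fin-07", "jsmith", 23, "rmm_agent.exe", SIG_OTHER, True, True),
    ProcessEvent("ws-fin-07", "jsmith", 23, "invoice_viewer.exe", SIG_OTHER, True, True),
]
```

Calling `triage(SAMPLE_EVENTS)` leaves the IT session untagged and raises five tags on the lookalike agent and one on the dropper; in practice the signer subject and EV flag would come from your endpoint agent's signature verification rather than a hand-built list.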
Stolen EV Certificates Used to Sign Malware, Deploy RMM Backdoors in Workplace Attacks