Two cybercriminal groups well-established in the business of spreading infostealers are diversifying their capabilities, abusing code-signing certificates to spread stealer malware, and then pivoting to ransomware through the same delivery channels. The threat actors responsible for the prolific RedLine and Vidar stealer malware are now distributing ransomware payloads through phishing campaigns that spread initial payloads signed with Extended Validation (EV) certificates, allowing them to slip past email security, researchers from Trend Micro revealed in a blog post on Sept.
Source: Dark Reading: Cloud