Abusing Code Signing for Profit

Signing a Windows executable file was originally conceived as a mechanism to guarantee the authenticity and integrity of a file published on the internet. Since its inception, the process of cryptographically signing a piece of code was designed to give the operating system a way to discriminate between legitimate and potentially malicious software. Unfortunately, this system is built on a problematic core tenet: Trust.