Skip to main content
banner image
venafi logo

How Cybercriminals Misuse Code Signing Machine Identities

How Cybercriminals Misuse Code Signing Machine Identities

June 21, 2022 | Alexa Hernandez

Anyone who has access to a code signing key can abuse this to create nefarious code that looks legitimate but contains malicious software that can steal sensitive information from users. Here are several ways code signing can be misused by both insiders and cybercriminals to abuse the trust that signed software invokes.

How much do you know about code signing keys and certificates? Read our free eBook!
Attacks early in the software delivery process

If your pipeline doesn’t require digital signatures of all artifacts used to build your products, anyone could slip in a malicious change and the automation will incorporate that change and produce a malware-infected executable that you deliver to your customers.

Distributing malware in your company’s name

Cybercriminals steal code signing private keys from legitimate companies to sign their malicious code. When signed with a private key and certificate from a legitimate company, the malware bears the identity of that company. Trusting users will believe that the infected application is from your company and that it’s therefore safe to install and use.

Selling code signing certificates on the dark web

Cybercriminals can steal code signing certificates and resell them on the dark web for as little as $1,000 each. For organized cybercriminals with more compute power, weak code signing certificates can be forged to look like they’ve been issued by a trusted authority. Whether cybercriminals sign their own malicious code through a stolen or forged certificate themselves or use a signing service, most systems today will trust any code that’s signed if the signature cryptographically checks out to come from a certificate rooted by one of the many CAs in the system’s trust store.

Additional Risks: Disgruntled or Uninformed Workers

Code signing helps verify that an application is coming from a specific source but if someone inside your organization — a disgruntled employee, for example — gets ahold of these code signing certificates and decides to use them for malicious purposes (or sell them on the dark web!), your users may still think that they’re downloading trusted content, but the code may have been altered or tampered.

And it doesn’t just take a disgruntled employee to do harm. An uninformed employee could make an inadvertent change to a critical software resource that disrupts operations. To avoid innocent errors, implement a strong code signing approval process with carefully delineated roles that control who can sign which code.


Because code signing machine identities generate such high levels of trustworthiness, they’re a valuable target for cybercriminals, who steal code signing credentials from legitimate companies to sign their malicious code. When signed with a legitimate certificate, malware doesn’t trigger any warnings and unsuspecting users will trust that the application is safe to install and use. This is why code signing is a vital part of any cybersecurity strategy. With Venafi CodeSign Protect, securely manage your private keys and make code signing quick and easy for DevOps. 

Related Posts


Like this blog? We think you will love this.
Featured Blog

Study Shows Widespread Abuse of Code Signing Certificates

A study by Vi

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Alexa Hernandez
Alexa Hernandez

Alexa is the Web Marketing Specialist at Venafi.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more