A group of researchers demonstrated that malware signed with stolen Digital code-signing certificates continues to bypass security software. A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code signing certificates are available for sale for anyone to purchase on the dark web for up to $1,200. The research team has found a total of 325 signed malware samples, of which 189 (58.2%) carried valid digital signatures while 136 carry malformed digital signatures. At least 34 antivirus software failed to check the validity of digital certificates allowing malicious code to run on the infected system.”]
Source: http://securityaffairs.co/wordpress/65233/deep-web/digital-code-signing-certificates-malware.html