Security experts at McAfee Labs have discovered a new cyber espionage based on the malware digitally signed with stolel certificates. A series of spear phishing attacks against non governmental entities and activists in China were conducted using malicious code signed with stolen digital certificates. The attacks are dated as far back as July 2013, the experts have identified valid signatures with certificates belonging to Zhengzhou hanJiang Electronic Technology Co., Ltd, verified by Thawte, and Jiangxi you ma chuang da Software Technology Co. Ltd.”]
Source: https://securityaffairs.co/wordpress/24704/cyber-crime/shiqiang-rat-signed-certificates.html