The number of malware samples signed with a valid certificate found on VirusTotal is in the thousands. Cybercriminals are able to purchase code-signing certificates either directly or indirectly from certificate authorities (CA) or their resellers. The list of CAs with abused certificates includes Sectigo, Thawte, Symantec, DigiCert, GlobalSign, Go Daddy, WoTrus, GDCA, Certum, E-Tugra, and Entrustra. Sectigo signed 3.5 times more samples than the runner up.
Source: https://www.bleepingcomputer.com/news/security/volume-of-signed-malware-increases-cas-need-better-vetting/