Cybercriminals are abusing Microsoft's Trusted Signing service to sign malware with short-lived three-day certificates, allowing them to bypass security filters like SmartScreen. This method provides an easier alternative to Extended Validation (EV) certificates, which are harder to obtain. Malware campaigns like Crazy Evil Traffers and Lumma Stealer have exploited this service. While Microsoft monitors and revokes abused certificates, the ease of access to signed malware remains a cybersecurity concern.

‍