Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates.
"This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this

campaigns certificates code code signing code signing certificates cybercriminals ev certificates information information stealers making micro operations phishing pivoting ransomware redline researchers signing stealers techniques threat threat actors trend trend micro validation vidar