Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature.

The latest news about Authenticode StuffingHackers turn ScreenConnect into malware using Authenticode stuffing Threat actors are abusing the ConnectWise ScreenConnect installer to build signed ...

I also noticed that various dependencies (like modelcontextprotocol.dll) aren't Authenticode signed either, but I'm not sure what the expectations are around that.

Authenticode code signing is a technique that allows developers to verify file integrity, but ConnectWise’s use of a workaround to avoid re-signing the software when creating personalized installers ...

SonicWall and ConnectWise security breaches enable Trojan and remote access malware targeting VPN users and AI tool seekers.

Due to changes in packaging, virtio installers provided by CentOS/RHEL are no longer Authenticode signed. This project is archived.