
Counterfeit certificates sold online make digitally signed malware a snap - a012
https://arstechnica.com/information-technology/2018/02/counterfeit-certificates-sold-online-make-digitally-signed-malware-a-snap/
======
tinus_hn
So where are these certificates coming from? I don’t suppose the criminals
have the CA keys.

