Fake malware-signing service Fox Tempest dismantled by Microsoft
ID: c025ff15-f10a-5143-ac32-6edce41c1227
STIX ID: report--c025ff15-f10a-5143-ac32-6edce41c1227
Feed Name: Malwarebytes Blog
Microsoft disrupted a malware-signing-as-a-service operation called Fox Tempest, which let cybercriminal customers upload malicious binaries and receive them back digitally signed with short-lived Microsoft-issued certificates (valid ~72 hours). By abusing these trusted-looking certificates, actors distributed ransomware and infostealers in installers disguised as legitimate software such as AnyDesk or Teams, allowing the malware to bypass reputation-based controls and impact multiple sectors, including healthcare, education, government, and finance.
