Nothing new here as evidenced by Casey Smith's demonstration of using MimiKatz to sign with MS code signed certs.. https://twitter.com/subtee/status/912769644473098240?lang=en
Volume of Signed Malware Increases, CAs Need Better Vetting May 22, 2019 https://www.bleepingcomputer.com/ne...ed-malware-increases-cas-need-better-vetting/ Chronicle: Abusing Code Signing for Profit
Comodo is known to be "lazy" when checking the legitimacy of the certs buyers,after all, money is money...they even Whitelist malware in their cloud network
Sectigo Responds to Chronicle's Report About Malware Signed by Their Certs May 25, 2019 https://www.bleepingcomputer.com/ne...s-report-about-malware-signed-by-their-certs/
Code Signing Shortcomings Leave Gaps for Hackers June 12, 2019 https://www.infosecurity-magazine.com/news/code-signing-shortcomings-leave-1/