Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft disrupted Fox Tempest’s malware-signing-as-a-service operation, OpFauxSign, which abused Artifact Signing to distribute trusted-looking malicious code and support ransomware activity worldwide. The scheme enabled signed malware and loaders such as Rhysida, Oyster, Lumma Stealer, and Vidar to evade defenses and target healthcare, education, government, and financial organizations.

#FoxTempest #OpFauxSign #ArtifactSigning #Rhysida #Oyster #LummaStealer #Vidar #VanillaTempest #INC #Qilin #BlackByte #Akira

Key points

  • Microsoft disrupted Fox Tempest’s malware-signing-as-a-service (MSaaS) operation, codenamed OpFauxSign.
  • The service abused Artifact Signing to make malware look legitimate.
  • Fraudulent certificates were used to sign malware for paying cybercriminals.
  • Rhysida, Oyster, Lumma Stealer, and Vidar were distributed through the scheme.
  • The campaign targeted healthcare, education, government, and financial organizations worldwide.

Read More: https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html