Adobe announced that two months ago, hackers gained access to code signing software on their servers, allowing the hackers to create malware with proper, digital signatures. This means that the malware would be undetectable as it masqueraded as legitimate code.
It seems the main purpose of the malware was to extract passwords stored on users’ Windows computers. Adobe said they initiated a temporary fix, and will revoke all affected digital signatures on October 4.
This isn’t good.
www.zdnet.com/adobe-code-signing-infrastructure-hacked-by-sophisticated-threat-actors-7000004925