{"id":249920,"date":"2026-05-19T11:00:00","date_gmt":"2026-05-19T15:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-as-legitimate-software\/"},"modified":"2026-05-19T22:45:20","modified_gmt":"2026-05-20T02:45:20","slug":"microsoft-disrupts-cybercrime-service-offering-malware-disguised-as-legitimate-software","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-as-legitimate-software\/","title":{"rendered":"Microsoft disrupts cybercrime service offering malware disguised as legitimate software"},"content":{"rendered":"<p><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/05\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-legitimate-software\/413628\/\">Microsoft disrupts cybercrime service offering malware disguised as legitimate software<\/a><\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/05\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-legitimate-software\/413628\/\">https:\/\/www.nextgov.com\/cybersecurity\/2026\/05\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-legitimate-software\/413628\/<\/a><\/p>\n<p>Publish Date: 2026-05-19 11:00:00<\/p>\n<p>Source Domain: <a href=\"www.nextgov.com\">www.nextgov.com<\/a><\/p>\n<p>Microsoft on Tuesday took action against a \u201cmalware-signing-as-a-service\u201d provider that has helped criminal hackers evade security defenses designed to check whether software is legitimate.<\/p>\n<p>The group, dubbed Fox Tempest, was found to be abusing Microsoft code signing tools that validate whether software has been tampered with. 
Microsoft said it seized Fox Tempest\u2019s website, took down hundreds of virtual machines running its operation and blocked access to another site that hosted underlying code used by the group.<\/p>\n<p>Microsoft also unsealed a legal case in New York that targeted the group, and named another ransomware gang known as Vanilla Tempest as a co-conspirator.<\/p>\n<p>Normally, software signing certificates are meant to prove a program is safe upon download and installation. Operations like Fox Tempest are often sought after in the cybercriminal world because they can be paid to bless hackers\u2019 malware with a valid-looking signature to help it evade detection.<\/p>\n<p>Fox Tempest has been operating its malware disguise services since May of last year, Microsoft said. The downstream impact of its operations \u2014 which have let other criminal hackers distribute ransomware and other malicious packages \u2014 \u201chas resulted in attacks against a broad range of industry sectors, including healthcare, education, government, and financial services\u201d in the U.S., France, India and China, the company said in an assessment of the group.<\/p>\n<p>Hackers paid thousands of dollars to get their malicious code signed by Fox Tempest, with higher-paying plans receiving priority, the company added.<\/p>\n<p>Illicit code-signing tools have been exchanged for years, but \u201cwhat\u2019s changed is how this activity is marketed, packaged and sold as a service, along with the scale at which it is now used across ransomware campaigns,\u201d Microsoft\u2019s Digital Crimes Unit assistant general counsel Steven Masada said in a prepared statement.<\/p>\n<p>\u201cWhen attackers can make malicious software look legitimate, it undermines&#8230;<\/p>\n<p><a 
href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/05\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-legitimate-software\/413628\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft disrupts cybercrime service offering malware disguised as legitimate software https:\/\/www.nextgov.com\/cybersecurity\/2026\/05\/microsoft-disrupts-cybercrime-service-offering-malware-disguised-legitimate-software\/413628\/ Publish Date: 2026-05-19 11:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":249921,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.nextgov.com\/media\/img\/cd\/2026\/05\/19\/051926MicrosoftNG\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-249920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249920"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=249920"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249920\/revisions"}],"predecessor-version":[{"id":249922,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249920\/revisions\/249922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/249921"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=249920"}
],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=249920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=249920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}