Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.
This tactic is actively used to push OpenSUpdater, a family of
unwanted software also known as
riskware, which injects ads into victims' browsers and installs other unwanted programs onto their devices.
Campaigns coordinated by the financially motivated threat actors behind OpenSUpdater will attempt to infect as many devices as possible.
Most targets are from the US and likely interested in downloading game cracks and other potentially booby-trapped tools.