A notorious threat actor, known for using malware to steal cargo, has adopted a new tactic to evade defenses: leveraging a third-party code-signing service to make their malicious software appear legitimate. This allows the hackers to circumvent security measures and install their remote management and monitoring tools without arousing suspicion. The identity of the provider of this code-signing service remains unclear, but the service is likely being offered through underground channels. By using this service, the threat actor can create installers that appear to be trustworthy, increasing the likelihood of successful infiltration. This development highlights the cat-and-mouse game between attackers and defenders, as threat actors continually adapt and refine their techniques to stay one step ahead of security measures. The use of code-signing services by cargo-stealing hackers matters to practitioners because it shows that a signature alone does not make an installer trustworthy, and it underscores the need for robust validation and verification processes to prevent malicious software from gaining a foothold.