If hackers get hold of code-signing certificates from legitimate companies, they can sign any code they like – such as malicious code they’ve developed to siphon user information. Thanks to the code ...