aDolus FACT Certificate Validation is a feature within the FACT (File Analysis and Continuous Tracking) platform that analyzes software packages for illegitimate or fraudulent code signing. The tool addresses a known gap in software trust: the presence of a digital signature does not guarantee that software is safe or authentic. Attackers can exploit code signing by using stolen private keys from legitimate companies or by obtaining certificates through impersonation of legitimate organizations. Research has identified over one million signed malware samples in the wild. Core capabilities include: - **Certificate Chain Validation:** Tests software packages for signs of illegitimate code signing by detecting mismatches in certificate chains. - **Unsignable File Authentication:** Provides a method to authenticate files that cannot be traditionally signed, such as certain binaries and DLLs. This is particularly relevant for ICS/OT environments where firmware and other file types lack native signing support. - **Stolen Key Detection:** Identifies cases where a vendor's signing credentials are being used by unauthorized parties to distribute software, enabling vendors to take corrective action such as contacting the certificate authority and notifying customers.