This technique, called authenticode stuffing, allows for the insertion of data into a certificate table while keeping the digital signature intact. ScreenConnect abused for initial access ...

Whenever Authenticode encounters a security certificate it can't identify, Internet Explorer displays a visual prompt, warning against the potential dangers of dealing with the site in question.

After the publication of this article, Dormann told BleepingComputer that threat actors could modify any Authenticode-signed file, including executables (.EXE), to bypass the MoTW security warnings.