The fraudulent files, which act like valid code signing certificates, allowed malware to go undetected by most anti-virus scans, Recorded Future says.

EV certificates — the files that tell a browser to show the little green lock — are supposed to make crystal clear who owns a website. There's…