One of the security weaknesses exploited by the “Stuxnet” worm that sabotaged Iran’s nuclear enrichment program was that it had a valid digital signature from a recognized issuer of certificates for Windows software. Of course, the issuer would never knowingly have validated a piece of malware, but the certificate had been compromised so it could be used without their permission.

Turns out this sort of thing is not only quite common, there is a further problem in that anti-malware software, which is supposed to pick up revoked certificates and reject signatures that use them, frequently has bugs in their implementation of the signature-checking protocol, so they can let these bad signatures through.

https://arstechnica.com/information-technology/2017/11/evasive-code-signed-malware-flourished-before-stuxnet-and-still-does/