The malicious packages were allegedly digitally signed using a compromised eScan certificate, allowing them to appear legitimate and bypass standard trust mechanisms. Once deployed, the malware ...