Software giant Adobe is to overhaul its digital signing procedures after the discovery of two malware samples carrying the firm's digital certificate of approval.
The certificate's presence means the "malicious utilities" would have been treated as safe by end users' computers.
We believe the vast majority of users are not at risk.
In a blog post, confirming the discovery, Adobe said the malware had been traced back to a single source and that a "compromised build server" had been discovered with access to the firm's code signing infrastructure.
"We immediately decommissioned the existing Adobe code signing infrastructure and initiated a forensics investigation to determine how these signatures were created," said the blog post.
"We are proceeding with plans to revoke the certificate and publish updates for existing Adobe software signed using the impacted certificate."
The firm said signed samples of malware are often used in "highly targeted attacks", but said the "vast majority" of users were not at risk.
The software vendor has introduced an interim signing service, featuring an offline human verification stage, and revealed that it is working on a replacement system.
It will also be revoking all affected certificates, issued after 10 July 2012, on Thursday 4 October 2012.
