BaoLoader malware has been upgraded to a fraud classification because of its seven-year abuse of at least 26 code-signing certificates obtained through shell companies. The actors procured these certificates directly from major Certificate Authorities to persistently deploy backdoors, a pattern that links current and past malicious campaigns. The case highlights the urgent need for improved certificate validation and rapid revocation procedures to defend against such attacks.
Latest mentioned: 09-15
Earliest mentioned: 09-15