Well the technique could certainly be applied to code signed apps
instead of websites and would it have the same level of scrutiny when
most of the infosec world appears to be focused on website identities?

In Windows 7, control panel, add remove programs, you can only see a
publisher name, so something could be hiding in plain sight so to
speak.

I've also noticed MS smart screen and AV software doesnt always flag up
malicious software even when its code signed.

A year or so ago I tried getting a domain and had it registered to my
old company but at an address of an office block that rents office
space nearby, that was flagged up straight away, so I do wonder just
how much surveillance there is on us now a days.

--
Richard