MalwareBytes has this interesting blog post here that takes you through the process of understanding how hackers exploit phony certs. The cert is part of a PDF that hides an executable file which contains a huge banking Trojan. There are several interesting aspects to this exploit, including the fact that the Trojan is so large that it doesn't get parsed by many anti-virus/anti-malware tools. These tools are usually looking for very small .exe's. As the post says, "What we have here is a total abuse of hosting services, digital certificates and repeated offenses from the same people. Clearly, if digital certificates can be abused so easily, we have a big problem on our hands."
A word to the wise: Even if a file is digitally signed, it does not guarantee that it’s safe to use.