Attackers abuse Microsofts 'verified publisher' status to steal data