Have any private keys actually been made public? I don't see any evidence of that. The only claim I see here is that they're being used to sign malware.