Microsoft confirms it has signed a rootkit driver – Computer


Microsoft acknowledges having signed a rootkit driver. The company is currently investigating this rootkit, which Microsoft says has only been deployed in the Chinese gaming industry.

Microsoft confirms in a blog post that the representative behind the rootkit, called Netfilter, submitted the driver for validation, after which Microsoft signed it. “The representative submitted the drivers for certification through the Windows Hardware Compatibility Program,” the tech giant said. “The pilots were created by a third party. We suspended the account and checked the provided drivers for other signs of malware.

Microsoft claims that the actor behind this rootkit is only active in the “Chinese games industry”. There is no indication that Netfilter has been used to iron out work environments, according to the tech giant. The company also said it has yet to attribute the attack to a state hacker. Microsoft wrote that users should take no action other than “follow good security measures and use anti-virus software.”

“The actor’s goal is to use the driver to track his location.” plagiarism Microsoft said, thus fooling the system and playing anywhere. As a result, malware can “gain an advantage in games” and “possibly take advantage of other players by stealing their accounts using tools such as the keyboard finder.”

The site’s rootkit driver was last Friday It was noticed by G-Data, a German cybersecurity company that makes, among other things, antivirus software. The malware communicates with Chinese servers. “The primary function of the rootkit driver is to redirect traffic,” the company wrote. Rootkits can also update themselves.

As of Windows Vista, code that runs in kernel mode must be signed by Microsoft before it can be released. Drivers without a Microsoft certificate cannot be installed by default. Thus, G-Data was recently informed of a possible false alarm because its antivirus detected a Netfilter driver signed by Microsoft.

“But in this case, the conclusion was really positive, so we sent our findings to Microsoft, who quickly added the malware to Windows Defender and is conducting an internal investigation,” G-Data said.

Netfilter site driver. Source: G data

Leave A Reply

Your email address will not be published.