Microsoft Admits of Signing a Rootkit Malware

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News


Earlier this month, Microsoft signed a driver called Netfilter that turned out to be a malicious network filter rootkit. Krasten Hahn, a G data malware analyst, first identified the rootkit which he later traced, analyzed, and identified as bearing Microsoft’s seal. 

When Microsoft researchers analyzed the rootkit, it was found that it communicated with Chinese command-and-control IPs (C2) and as it turns out, these belong to one of the companies called Ningbo Zhuo Zhi Innovation Network Technology Co. Ltd. and was labeled as ‘Community Chinese Military’ by the United States Department of Defense. 

Microsoft said that the threat actor’s goal is to cheat gaming systems. “To use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers,” according to Microsoft’s advisory. 

The company collaborated with Microsoft to analyze and patch any known security holes, including for affected hardware. Users will get clean drivers through Windows Update. Moreover, they added that the rootkit only works if a user authorizes the driver and it obtains administrator-level access on a PC to install the driver. The idea is that Netfilter wo

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Similar Posts