How a legitimate and signed driver left the doors open to threats – Week in Security with Tony Anscombe
Video
A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats
21 Jul 2024
This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft.
The malware masquerades as an “Internet café security solution” with ad-blocking capabilities. In reality, however, it displays game-related ads and can modify or replace the contents of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions.
What’s more, it also inadvertently leaves the door open for other threats to run code at the highest privilege level in Windows – the SYSTEM account.
Watch as Tony dives into the story and explains how certificate abuse is still a hot issue.
Connect with us on Facebook, Twitter, LinkedIn and Instagram.