Microsoft acknowledges that it has signed a rootkit driver. The company is currently investigating this rootkit, which Microsoft says has only been deployed in the Chinese gaming sector.
Microsoft confirms in a blog post that the actor behind the rootkit, called Netfilter, submitted the driver for validation, after which Microsoft signed it. "The actor submitted drivers for certification through the Windows Hardware Compatibility Program," the tech giant said. "The drivers were created by a third party. We suspended the account and checked the provided drivers for additional signs of malware."
Microsoft says the actor behind this rootkit is only active in the "Chinese gaming sector". There is no indication that Netfilter has been used to attack enterprise environments, according to the tech giant. The company also stated that it has not yet attributed the attack to a state-sponsored actor. Microsoft wrote that users need not take any action other than to "follow good security practices and use antivirus software."
"The actor's goal is to use the driver to spoof their geographical location," Microsoft said, thereby cheating the system and playing from anywhere. The malware lets them "gain an advantage in games" and "likely exploit other players by compromising their accounts through tools such as keyloggers".
The rootkit driver was first noticed last Friday by G-Data, a German cybersecurity company that, among other things, makes antivirus software. The malware communicates with servers in China. "The rootkit driver's main function is to redirect traffic," the company wrote. The rootkit can also update itself.
Since Windows Vista, code that runs in kernel mode must be signed by Microsoft before it can be loaded. Drivers without a Microsoft signature cannot be installed by default. That is why G-Data initially suspected a false positive when its antivirus flagged a Microsoft-signed Netfilter driver.
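The practical lesson for defenders is that a valid Microsoft signature on a kernel driver proves it passed the signing process, not that it is benign. The following PowerShell script is an added example, not code from the article, G-Data or Microsoft: it inventories the drivers registered on a Windows host, checks each file's Authenticode signature, and separates Microsoft's own components from third-party drivers that were countersigned through the Hardware Compatibility Program, so that unfamiliar names in the latter group can be reviewed. It assumes Windows PowerShell 5.1 or later with only built-in cmdlets; the signer subject it matches on ("Microsoft Windows Hardware Compatibility Publisher") is the certificate name WHCP-countersigned drivers carry, and the example driver name in the usage note is illustrative only.

```powershell
# Added example (not from the article): audit registered kernel drivers and report who signed them.
# Assumes Windows PowerShell 5.1+ with built-in cmdlets only (Get-CimInstance, Get-AuthenticodeSignature).
# A valid signature only proves the binary went through a signing process (for third-party
# drivers, Microsoft's WHCP); the output is an inventory to review, not a verdict.

function Get-KernelDriverSignatureReport {
    [CmdletBinding()]
    param(
        # Only report drivers that are currently loaded and running
        [switch]$RunningOnly
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    if ($RunningOnly) {
        $drivers = $drivers | Where-Object { $_.State -eq 'Running' }
    }

    foreach ($d in $drivers) {
        # Some pseudo-drivers have no backing file; skip them
        if ([string]::IsNullOrWhiteSpace($d.PathName)) { continue }

        # Normalise the \SystemRoot\ and \??\ prefixes the service database uses
        $path = $d.PathName -replace '^\\SystemRoot\\', "$($env:SystemRoot)\" -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

        [PSCustomObject]@{
            Name   = $d.Name
            State  = $d.State
            Path   = $path
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = $signer
            # Third-party drivers that went through the Hardware Compatibility Program are
            # countersigned with Microsoft's compatibility publisher certificate, not the
            # certificate used for Microsoft's own components (assumed subject name below).
            ThirdPartyWhcp = ($signer -like '*Microsoft Windows Hardware Compatibility Publisher*')
        }
    }
}

# Usage: list running drivers that carry a valid signature but are third-party WHCP submissions.
# Any name you do not recognise (for instance, a driver calling itself "netfilter" on a machine
# that has no reason to carry one) is a candidate for closer review before it is trusted.
Get-KernelDriverSignatureReport -RunningOnly |
    Where-Object { $_.Status -eq 'Valid' -and $_.ThirdPartyWhcp } |
    Sort-Object Name |
    Format-Table Name, State, Signer, Path -AutoSize
```

The `Status` column is worth reading alongside `Signer`: `HashMismatch` on a driver that should be signed indicates the file on disk no longer matches what was signed, which is a stronger signal than the signer name alone.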
"But in this case, the finding was a true positive, so we sent our findings to Microsoft, which quickly added the malware to Windows Defender and is conducting an internal investigation," G-Data said.