How a legitimate and signed driver left the doors open to threats – Week in Security with Tony Anscombe
- by nlqip
Video
A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats
21 Jul 2024
This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft.
The malware masquerades as an “Internet café security solution” with ad-blocking capabilities. In reality, however, it displays game-related ads and can modify or replace the contents of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions.
What’s more, it also inadvertently leaves the door open for other threats to run code at the highest privilege level in Windows – the SYSTEM account.
Watch as Tony dives into the story and explains how certificate abuse is still a hot issue.
Connect with us on Facebook, Twitter, LinkedIn and Instagram.
Source link
lol
Video A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats 21 Jul 2024 This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft. The malware masquerades as…
Recent Posts
- Trump and Vance Phones Among Alleged Targets of Chinese Hackers
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution
- AMD Boosts Instinct GPU Sales Forecast Again Due To High AI Demand
- New Windows Themes zero-day gets free, unofficial patches