Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector (Security News, July 2023)

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure.
"This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy said.
Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023.
One of the suspected entry points for these infections is said to be a trojanized Chinese game, mirroring Cisco Talos' discovery of a malicious driver called RedDriver.
As many as 133 malicious drivers signed with legitimate digital certificates have been uncovered, 81 of which are capable of terminating antivirus solutions on victims' systems.
"Because drivers often communicate with the 'core' of the operating system and load before security software, when they are abused, they can be particularly effective at disabling security protections - especially when signed by a trusted authority," Christopher Budd, director of threat research at Sophos X-Ops, said.
News URL: https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html