Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver (www.helpnetsecurity.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 22 Jul 2024 11:37
https://sh.itjust.works/post/22600810

#cybersecurity

_sideffect@lemmy.world on 22 Jul 2024 12:15

That’s new… And not good

Gork@lemm.ee on 22 Jul 2024 13:26

How did they get Microsoft to sign their driver?

infeeeee@lemm.ee on 22 Jul 2024 14:41

What really stood out to ESET researchers was the embedded driver signed by Microsoft. According to its signature, it was developed by a Chinese company named Hubei Dunwang Network Technology.

[…] according to our research, this software was advertised as an internet café security solution aimed at Chinese-speaking individuals. It purports to improve the web browsing experience by blocking ads and malicious websites, but the reality is quite different — it leverages its browser traffic interception and filtering capabilities to display game-related ads. It also sends some information about the computer to the company’s server, most likely to gather installation statistics.

Sounds like MS was fooled some way; they don’t check Chinese-only software that carefully? Historically MS had good relations with the Chinese state (e.g. Windows 10 China Government Edition). It sounds like this was targeted to Chinese users.

They don’t know how it slipped through, or they don’t want to tell us…