ESET Research Podcast: HotPage

ESET research

ESET researchers discuss HotPage, a recently discovered adware armed with a Microsoft-signed driver with the highest privileges

When someone talks about adware, people usually think of half-baked, low-quality malicious code used to spam victims with sketchy advertisements. But as we explain in this episode of our podcast, not all adware is the same. HotPage is a recently discovered trojan that uses a vulnerable Microsoft-signed kernel driver to inject and manipulate what victims see in their browsers.

In their conversation, host ESET Distinguished Researcher Aryeh Goretsky and his guest ESET Principal Threat Intelligence Researcher Robert Lipovsky compare HotPage to other threats, especially information-stealing malware, which typically has a similar level of sophistication but is much more dangerous. Both also delve into the process the creators of this adware must have gone through to get their driver signed by Microsoft.

Another interesting aspect of HotPage is that it is a Trojan by definition. Advertised as a security solution and ad blocking software for Chinese Internet cafes, it does exactly the opposite: it spams users with dozens of ads and leaves the door open for other threat actors to execute other malicious code. Based on its regional and vertical targeting, HotPage seems designed to go after Chinese gamers.

In the episode, listeners will also hear details on how ESET restricted HotPage, practical advice on how to avoid the threat on the user side and what to do if one suspects they have been infected by it.

For a detailed report on HotPage and other threat actor activities, follow ESET Research on X (formerly known as Twitter) and view our latest blog posts and white papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.
