Video
A so-called ad blocker marketed as a security solution uses a Microsoft-signed driver that inadvertently exposes victims to dangerous threats
July 21, 2024
This week, ESET researchers released their findings on HotPage, a browser injector that uses a driver developed by a Chinese company and signed by Microsoft.
The malware masquerades as an “internet cafe security solution” with ad blocking capabilities. In reality, however, it displays game-related advertisements and can change or replace the content of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions.
Additionally, it inadvertently leaves the door open for other threats to execute code with the highest privileges available in Windows, those of the SYSTEM account.
Watch Tony dive into the story and explain how certificate abuse is still a hot topic.