Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver (www.helpnetsecurity.com)

submitted 3 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Gork@lemm.ee 3 points 3 months ago

How did they get Microsoft to sign their driver?

[-] infeeeee@lemm.ee 5 points 3 months ago

What really stood out to ESET researchers was the embedded driver signed by Microsoft. According to its signature, it was developed by a Chinese company named Hubei Dunwang Network Technology.

[...] according to our research, this software was advertised as an internet café security solution aimed at Chinese-speaking individuals. It purports to improve the web browsing experience by blocking ads and malicious websites, but the reality is quite different — it leverages its browser traffic interception and filtering capabilities to display game-related ads. It also sends some information about the computer to the company’s server, most likely to gather installation statistics

Sounds like MS was fooled some way, they don't check Chinese only software that carefully? Historically ms had good relations with the Chinese state (E.g. Windows 10 China Government Edition) It sounds like this was targeted to Chinese users.

They don't know how it slipped through, or they don't want to tell us...

this post was submitted on 22 Jul 2024

72 points (98.6% liked)

Cybersecurity

5558 readers

192 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social