A driver containing rootkit malware was certified by Microsoft

Image for A driver containing rootkit malware was certified by Microsoft
(Image credit: Pixabay)

Microsoft tests drivers before assigning them a digital certificate that approves them to be installed by default. Somehow, a driver called Netfilter that redirects traffic to an IP in China and installs a root certificate to the registry managed to make it through that testing without being detected as malware.

Karsten Hahn, a malware analyst at G Data, found the malicious driver and notified Microsoft, "who promptly added malware signatures to Windows Defender and are now conducting an internal investigation." Microsoft also suspended the account that submitted the driver, and is currently going over their previous submissions.

Microsoft's security response center team described the malware's activity as "limited to the gaming sector specifically in China" and explained its purpose: "The actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers."

How did this happen? Right now, nobody knows. Windows users are advised, "There are no actions customers should take other than follow security best practices and deploy Antivirus software such as Windows Defender for Endpoint."

Jody Macgregor
Weekend/AU Editor

Jody's first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia's first radio show about videogames, Zed Games. He's written for Rock Paper Shotgun, The Big Issue, GamesRadar, Zam, Glixel, Five Out of Ten Magazine, and Playboy.com, whose cheques with the bunny logo made for fun conversations at the bank. Jody's first article for PC Gamer was about the audio of Alien Isolation, published in 2015, and since then he's written about why Silent Hill belongs on PC, why Recettear: An Item Shop's Tale is the best fantasy shopkeeper tycoon game, and how weird Lost Ark can get. Jody edited PC Gamer Indie from 2017 to 2018, and he eventually lived up to his promise to play every Warhammer videogame.

Read more
A computer screen with program code warning of a detected malware script program. 3d illustration
Second Steam listing this year found hiding 'new and clever' malware. This time through a fake demo link on developer's website
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
Steam logo
A web3 free-to-play survival game found to be a front for installing malware on your PC has finally been removed from Steam
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
Marvel Rivals units - Three superheroes
Marvel Rivals admits that it accidentally banned some players for trying to run the game in a different operating system, which isn't cheating
Team Fortress Spy being shocked
An FPS studio pulled its game from Steam after it got caught linking to malware disguised as a demo, but the dev insists it was actually the victim of a labyrinthine conspiracy
Latest in Security
An FBI wanted poster for alleged hacker Zhou Shuai.
US Justice Dept announces $10 million bounty on at-large 'hacker-for-hire' cabal it says targeted China critics, religious missionaries, and the Treasury
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
A still from a YouTube video of Senator Mark Warner speaking
Telecoms hack on US government officials is 'worst in nations history' and 'the barn door is still wide open' says senator
HDMI cable
Hackers can wirelessly spy on your display by collecting HDMI signal leaks and churning them through an AI, but I wouldn't break out the tin foil just yet
Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg
Forcing users to periodically change their passwords should go the way of the dodo according to the US government
An original Apple Macintosh Model M0001, as they celebrate 40th anniversary, is on display in between 2024 Apple models at the independent Apple products store chain Amac, on January 24, 2024 in Utrecht, The Netherlands. Based on the Motorola 68000 microprocessor, the Macintosh was the first successful mouse-driven computer with a graphical user interface.
Major browser providers scramble to patch an 18-year-old vulnerability affecting MacOS and Linux systems but Windows remains gloriously immune
Latest in News
A gigantic terracotta sentinel made of living armor
Total War: Warhammer 3's army of Cathay has broken containment and is making its way to tabletop Warhammer at last
Two brightly colored stormtroopers dressed like Run-DMC stand in front of PAX Australia's WELCOME HOME banner.
Tickets for PAX Australia 2025 are on sale now
An Enshrouded player in a recreation of Erebor from The Lord of the Rings
Kings under the Mountain! 33 Enshrouded players spent 10,000 hours to recreate this iconic location from The Lord of the Rings
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm