Security researchers have identified a malicious driver, Netfilter, that carries a valid Microsoft signature. The Netfilter rootkit connects to command-and-control (C&C) infrastructure at a Chinese IP address.
Microsoft has since confirmed that it signed the driver, which is being distributed in gaming environments.
The investigation found that the driver signed by the company is a malicious Windows rootkit that continues to target gaming environments.
G DATA malware analyst Karsten Hahn, who first identified the rootkit, stated that the threat actors are targeting users primarily in China.
Microsoft, the Redmond-based company, has acknowledged the attack and clarified that the actors' goal is to use the driver to spoof their geo-location so they can cheat the game's systems and play from anywhere.
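The practical lesson of this case is that a valid Microsoft signature is what lets a kernel driver load, not evidence that it is benign. The following PowerShell triage script is an added example, not code from the article, from G DATA or from Microsoft: it enumerates running kernel drivers, verifies each Authenticode signature, and separates drivers signed through the hardware compatibility program (whose signer subject is "Microsoft Windows Hardware Compatibility Publisher") from Microsoft's own inbox drivers, so a responder can review the third-party set and compare hashes against their own intelligence. The `$SuspectHashes` parameter is an assumed placeholder; no hashes from this incident are included.

```powershell
# Added example, not from the article or from Microsoft/G DATA.
# Run in an elevated PowerShell on Windows 10/11. $SuspectHashes is a placeholder
# list you populate from your own threat intel (none are supplied here).
$WhcpPublisher = 'Microsoft Windows Hardware Compatibility Publisher'

function Get-DriverSignerTriage {
    param([string[]]$SuspectHashes = @())

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($drv in $drivers) {
        # Normalise the NT-style paths stored in the service database (\??\ and \SystemRoot)
        $path = $drv.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Authenticode check covers embedded and catalog signatures
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $hash   = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Name       = $drv.Name
            Path       = $path
            SigStatus  = $sig.Status                       # Valid / NotSigned / HashMismatch ...
            Signer     = $signer
            WhcpSigned = $signer -like "*$WhcpPublisher*"   # third-party driver signed by Microsoft
            SHA256     = $hash
            KnownBad   = $SuspectHashes -contains $hash
        }
    }
}

# A valid WHCP signature is a loading precondition, not a trust decision: review every
# WHCP-signed driver that is not an inbox Microsoft driver, then compare hashes to intel.
Get-DriverSignerTriage -SuspectHashes @() |
    Where-Object { $_.WhcpSigned -or $_.SigStatus -ne 'Valid' -or $_.KnownBad } |
    Sort-Object KnownBad, WhcpSigned -Descending |
    Format-Table Name, SigStatus, WhcpSigned, KnownBad, Path -AutoSize
```

The output deliberately does not treat a `Valid` status as a pass: the Netfilter driver would report `Valid` with a Microsoft signer, and only the `WhcpSigned` split and an external hash or behavioural check (such as unexpected outbound connections from the kernel) would single it out.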
No Indication of Certificate Exposure
Microsoft says its Zero Trust and layered-defense posture includes built-in detections for this driver, that it is working to block it, and that Microsoft Defender for Endpoint surfaces the driver and the files linked to it.