Microsoft incorrectly signs a driver containing a rootkit

Colleagues at HackRead reported that Karsten Hahn, a malware analyst at G Data, discovered that the third-party driver "Netfilter", certified by Microsoft itself, contains a rootkit and has been circulating within the gaming community for some time.

New article: Microsoft signed a malicious Netfilter rootkit

Thanks for your contributions @jaydinbas @cyb3rops @cci_forensics

- Karsten Hahn (@struppigel) June 25, 2021

Having become aware of the situation, Microsoft confirmed that the driver is dangerous: it was also sending information to a Chinese company that the US Department of Defense has classified as a "Communist Chinese military company". The creator of the driver, Ningbo Zhuo Zhi Innovation Network Technology, is working with Microsoft to investigate and correct the now-known security problem. A new version of the software, free of malware, will be distributed via Windows Update.

The Redmond company has apologized for the incident and has opened an investigation into it. As for the future, Microsoft assures that the signing process will be reviewed. A post was also published on the official blog, which reads:

We found no evidence that the WHCP signing certificate has been compromised. The infrastructure was not compromised. The actor's activity has been limited to the gaming sector, especially in China, and does not seem to have targeted corporate environments. We are not attributing this to a nation-state actor at this time. The actor's goal was to use the driver to fake geo-location, cheat the system and play from any location. The malware allows attackers to gain an advantage in games and possibly exploit other users by compromising their accounts through common tools such as keyloggers.

However, this sets a rather dangerous precedent: a driver certified by Microsoft itself is usually taken as a mark of trustworthiness, and it should have been thoroughly checked before being digitally signed.
