Microsoft officially approved this extremely dangerous door-opening malware

Cybersecurity researchers discovered a Microsoft-approved fake ad blocker that was marketed to internet cafes, and it injected kernel-level malware.

A product originally marketed as a security product has been found to be malware that injects a kernel-level infection, leaving the device susceptible to further attacks.

A new investigative report into the malware, called HotPage, revealed that researchers notified Microsoft of the malicious software on March 18, and it was removed from the Windows Server Catalog, where it had once been approved, on May 1. Up until that point, however, HotPage was presumably delivered to its victims as a security product, masquerading as an ad blocker called DWAdsafe for internet cafes in China.

HotPage contained malicious code that dropped a vulnerable system-level driver, which could enable any attacker to execute new malicious code on a device with the highest level of privilege. Additionally, the malware didn't even remove ads; instead, it intercepted web traffic and redirected and manipulated content within a victim's browser. The malware hooked Windows API functions to intercept and modify browser activity and to collect information on the victim, which was then sent back to the HotPage creator's server.

The main concern here is how Microsoft's code-checking process allowed such malware to be signed off and enter the Windows Server Catalog.

"In a rather simple scenario, a shady company would develop a legitimate computer software, which would go through the driver-signing requirements. Later on, the editor could covertly introduce a backdoor, either through new functionalities or by intentionally introducing a vulnerability. HotPage (or DWAdsafe), posed as a security product to block ads, and so possesses interception functionalities. Here, the problem lies in the way the software can be configured and misused," said Romain Dumont, malware researcher for ESET.

"I don't think a bulletproof process exists," Dumont says. "A naive approach would be to do a background check on companies and verify that the advertised functionalities correspond to the actual functionalities through a security assessment. Microsoft could ask for a certain level of transparency regarding the intended purpose of the software and the required functionalities to achieve it. The more functionalities an editor needs, the more tests they should pass. But let's face it, it's a difficult and time-consuming task."

Junior Editor

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.
