Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco

by janrinok from SoylentNews on (#5KPCV)

upstart writes:

Microsoft admits to signing rootkit malware in supply-chain fiasco:

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft.

This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

Last week, G Data's cybersecurity alert systems flagged what appeared to be a false positive, but was not: a Microsoft-signed driver called "Netfilter."

The driver in question was seen communicating with China-based C&C IPs, providing no legitimate functionality, and as such raised suspicions.

This is when G Data's malware analyst Karsten Hahn shared this publicly and simultaneously contacted Microsoft[.]
