Microsoft has admitted to signing a malicious driver that is being distributed within gaming environments.
Microsoft usually tests the drivers before assigning them a digital certificate which approves them to be installed by default. A driver named Netfilter that redirects traffic to an IP in China and installs a root certificate to the registry has managed to make it through that testing process without being detected as malware, specifically a rootkit.
A malware analyst at G Data, Karsten Hahn, has found the malicious driver and notified Microsoft who stated that they have promptly added malware signatures to Windows Defender and also added they are conducting an internal investigation. Microsoft has also suspended the account that submitted the driver and they are currently going over their previous submissions.
Microsoft's security response center team characterized the malware's activity as limited to the gaming sector specifically in China and then explained its goal. According to them the threat actor's purpose is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware gives them an advantage in games and possibly exploits other players by compromising their accounts through common tools like keyloggers.
Microsoft stated that users will get clean drivers through Windows Update. Windows users are advised to follow security best practices and deploy Antivirus software such as Windows Defender.
Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.
We are about leadership — the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry