Microsoft admits to wrongly approving Chinese hacker’s malware


2021-06-28 19:23:15

Last week, Karsten Hahn, a malware researcher at G Data, discovered a suspicious piece of software on Windows systems. At first, Hahn assumed G Data's product had raised a false positive, because the driver in question, called Netfilter, was signed and approved by Microsoft.

On closer inspection, however, Hahn found that Netfilter was communicating with command-and-control (C&C) server IP addresses in China. Beyond that, the driver had no other discernible function.

Hahn immediately reported the issue to Microsoft and then disclosed it to the security community. Netfilter runs at the kernel level of the operating system, and a driver can only do that if it has been approved, that is, signed, by Microsoft.

“From Windows Vista onwards, to ensure the stability of the operating system, any code that runs at the kernel level is required to be tested and approved by Microsoft before being released. Drivers that are not approved by Microsoft cannot be installed,” Hahn shared.
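The signing requirement Hahn describes cuts both ways: a Microsoft signature on a driver does not mean Microsoft wrote it. The following PowerShell inventory is an added example, not code from the article or from G Data, that lists the kernel drivers currently loaded on a Windows host together with their Authenticode signer and separates drivers signed through Microsoft's hardware compatibility program (the route a third-party driver like Netfilter takes) from Microsoft's own first-party binaries. It assumes the usual certificate subject "CN=Microsoft Windows Hardware Compatibility Publisher" for program-signed drivers and must be run from an elevated session.

```powershell
# Added example: inventory loaded kernel drivers by Authenticode signer.
# Assumption: drivers approved through Microsoft's hardware program carry the
# subject "CN=Microsoft Windows Hardware Compatibility Publisher, ...", while
# Microsoft's own binaries are signed "CN=Microsoft Windows, ...".
# Subject matching is a triage heuristic, not proof of origin; the Status
# column must also be Valid for the signature to mean anything.
$whcpSubject = 'CN=Microsoft Windows Hardware Compatibility Publisher'

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports NT-style paths for some entries; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    return $p
}

$report = foreach ($drv in Get-CimInstance Win32_SystemDriver | Where-Object State -eq 'Running') {
    $path = Resolve-DriverPath $drv.PathName
    if (-not (Test-Path $path)) { continue }

    $sig     = Get-AuthenticodeSignature -FilePath $path   # also resolves catalog signatures
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    $class = if ($subject.StartsWith($whcpSubject))          { 'WHCP (third-party, Microsoft-approved)' }
             elseif ($subject.StartsWith('CN=Microsoft Windows')) { 'Microsoft first-party' }
             elseif ($subject -eq '<none>')                   { 'No signer found' }
             else                                             { 'Other publisher' }

    [pscustomobject]@{
        Driver = $drv.Name
        Path   = $path
        Status = $sig.Status
        Signer = $subject
        Class  = $class
        SHA256 = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    }
}

# Drivers in the WHCP class are third-party code that Microsoft approved; treat
# them like any other vendor code and check each hash against a known-good list.
$report | Where-Object Class -like 'WHCP*' | Sort-Object Driver |
    Format-Table Driver, Status, Signer, SHA256 -AutoSize
$report | Group-Object Class | Select-Object Name, Count
```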


After receiving Hahn's report, Microsoft said it was actively investigating the incident. So far, there is no indication that Netfilter uses stolen certificates.

This proves that the people behind Netfilter went through Microsoft's own process to get the driver officially approved. Microsoft confirmed that it had approved a malicious rootkit that is being distributed in gaming environments. Microsoft has now terminated the account that submitted Netfilter and is reviewing that account's other submissions for additional signs of malware.

According to Microsoft, the actor controlling Netfilter mainly targeted the gaming industry in China. There is currently no indication that enterprise environments are affected by Netfilter.

Microsoft doesn’t think that the people running Netfilter are connected to the government.

The incident exposed a weakness in the approval process through which Microsoft grants legitimate digital signatures to third-party software. Attackers can exploit such weaknesses to get malicious code signed and accepted by Windows systems, turning the signing process itself into a vehicle for dangerous supply chain attacks.

