Visualization
A purported ad blocker presented as a protective measure exploits a Microsoft-endorsed driver, inadvertently putting victims at risk of severe threats
21 Jul 2024
This week, ESET researchers published their findings on HotPage, a browser injector that uses a driver created by a Chinese firm and endorsed by Microsoft.
The malware poses as an "Internet café security solution" with ad-blocking features. In reality, it displays game-related ads and can alter or replace the content of a requested page, redirect users to another page, or open a new tab under specified conditions.
In addition, it inadvertently opens the door for other threats to execute code at the highest privilege level in Windows – the SYSTEM account.
Tune in as Tony delves into the details and elaborates on why misuse of certificates continues to be a pressing concern.

