Implications of a valid and authorized driver unintentionally exposing vulnerabilities – Security Weekly with Tony Anscombe

AndyC 24 July 2024

Video
A presumed ad blocker marketed as a security solution utilizes a driver signed by Microsoft, inadvertently putting users at risk of threats

<

How a legitimate and signed driver left the doors open to threats – Week in Security with Tony Anscombe

Video

A presumed ad blocker marketed as a security solution utilizes a driver signed by Microsoft, inadvertently putting users at risk of threats

Editor

21 Jul 2024

ESET researchers have unveiled their discoveries regarding HotPage, a browser injector that relies on a driver created by a Chinese firm and validated by Microsoft.

This malicious software poses as an “Internet café security solution” boasting ad-blocking features. In reality, however, it showcases game-related advertisements and has the ability to alter or substitute the content of a requested webpage, redirect users, or open new tabs based on specific conditions.

Additionally, it unknowingly allows other threats to execute code at the highest privilege level in Windows – the SYSTEM account.

Observe as Tony delves into the narrative, shedding light on how the misuse of certificates remains a prevalent issue.

Interact with us on FacebookTwitterLinkedIn and Instagram.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

AndyC 19 December 2025
ESET Threat Report H2 2025

ESET Threat Report H2 2025

AndyC 17 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025
Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

You may have missed

Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread

Randall Munroe’s XKCD ‘Fifteen Years’

AndyC 20 December 2025
Why AppSec Can’t Keep Up With AI-Generated Code

Google Shutting Down Dark Web Report Met with Mixed Reactions

AndyC 20 December 2025
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.