Cybersecurity

5958 readers

379 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver (www.helpnetsecurity.com)

submitted 5 months ago by kid to c/cybersecurity

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 5 points 5 months ago

That's new... And not good

[–] [email protected] 3 points 5 months ago (1 children)

How did they get Microsoft to sign their driver?

[–] [email protected] 5 points 5 months ago

What really stood out to ESET researchers was the embedded driver signed by Microsoft. According to its signature, it was developed by a Chinese company named Hubei Dunwang Network Technology.

[...] according to our research, this software was advertised as an internet café security solution aimed at Chinese-speaking individuals. It purports to improve the web browsing experience by blocking ads and malicious websites, but the reality is quite different — it leverages its browser traffic interception and filtering capabilities to display game-related ads. It also sends some information about the computer to the company’s server, most likely to gather installation statistics

Sounds like MS was fooled some way, they don't check Chinese only software that carefully? Historically ms had good relations with the Chinese state (E.g. Windows 10 China Government Edition) It sounds like this was targeted to Chinese users.

They don't know how it slipped through, or they don't want to tell us...