ESET Research
ESET researchers talk about HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
05 Sep 2024 • 1 min. read
Often when someone mentions adware, people think of low-quality, half-baked malicious code used to spam victims with sketchy advertisements. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently discovered trojan that uses a vulnerable, Microsoft-signed kernel driver to inject and manipulate what victims see in their browsers.
In their conversation, host ESET Distinguished Researcher Aryeh Goretsky and his guest, ESET Principal Threat Intelligence Researcher Robert Lipovsky, compare HotPage to other threats, especially infostealing malware, which usually has the same degree of sophistication but is far more dangerous. Both also elaborate on the process the creators of this adware must have gone through to get their driver signed by Microsoft.
Another interesting thing about HotPage is that it is a trojan by its very definition. Advertised as a security solution and ad-blocking software for Chinese internet cafes, it delivers the exact opposite, spamming users with scores of ads and leaving the door open for other threat actors to run other malicious code. Based on its regional and vertical targeting, HotPage appears to be designed to go after Chinese gamers.
In the episode, listeners can also hear details on how ESET mitigated HotPage, actionable advice on how to avoid the threat on the user end, and what to do if one suspects being infected by it.
For a detailed report on HotPage and other threat actor activities, follow ESET Research on X (formerly known as Twitter), and check out our latest blog posts and white papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.