A driver containing rootkit malware was certified by Microsoft

Image for A driver containing rootkit malware was certified by Microsoft
(Image credit: Pixabay)
Audio player loading…

Microsoft tests drivers before assigning them a digital certificate that approves them to be installed by default. Somehow, a driver called Netfilter that redirects traffic to an IP in China and installs a root certificate to the registry managed to make it through that testing without being detected as malware.

Karsten Hahn (opens in new tab), a malware analyst at G Data, found the malicious driver and notified Microsoft, "who promptly added malware signatures to Windows Defender and are now conducting an internal investigation." Microsoft also suspended the account that submitted the driver, and is currently going over their previous submissions.

Microsoft's security response center team (opens in new tab) described the malware's activity as "limited to the gaming sector specifically in China" and explained its purpose: "The actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers."

How did this happen? Right now, nobody knows. Windows users are advised, "There are no actions customers should take other than follow security best practices and deploy Antivirus software such as Windows Defender for Endpoint."

Jody Macgregor
Weekend/AU Editor

Jody's first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia's first radio show about videogames, Zed Games (opens in new tab). He's written for Rock Paper Shotgun (opens in new tab), The Big Issue, GamesRadar (opens in new tab), Zam (opens in new tab), Glixel (opens in new tab), Five Out of Ten Magazine (opens in new tab), and Playboy.com (opens in new tab), whose cheques with the bunny logo made for fun conversations at the bank. Jody's first article for PC Gamer was about the audio of Alien Isolation, published in 2015, and since then he's written about why Silent Hill belongs on PC, why Recettear: An Item Shop's Tale is the best fantasy shopkeeper tycoon game, and how weird Lost Ark can get. Jody edited PC Gamer Indie from 2017 to 2018, and he eventually lived up to his promise to play every Warhammer videogame.