Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver

ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its main driver and injects libraries into Chromium-based browsers. Posing as a security product capable of blocking advertisements, it actually introduces new ads. Additionally, the malware can replace the …

Figure: The Chinese company’s certified products listed in the Windows Server Catalog (source: ESET)

The post Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver appeared first on Help Net Security.

21 July 2024

