Rootkit Malware Found in Signed Windows Driver

Microsoft assures the compromised Netfilter driver had a limited impact

By Rob Rich, News Reporter
Updated on June 28, 2021 11:20AM EDT
Fact checked by Rich Scherr

Microsoft has stated that a driver certified by the Windows Hardware Compatibility Program (WHCP) was found to contain rootkit malware, but says the certificate infrastructure was not compromised.

In a statement posted in Microsoft's Security Response Center, the company confirms it discovered the compromised driver and has suspended the account that originally submitted it. As pointed out by Bleeping Computer, this incident was likely caused by a weakness in the code-signing process itself.

Microsoft also says that it has seen no evidence that the WHCP signing certificate was compromised, so it's unlikely that someone was able to fake certification.

A rootkit is designed to mask its presence, making it difficult to detect even while it's running. Malware hidden inside a rootkit can be used to steal data, alter reports, take control of the infected system, and so on.

According to Microsoft, the driver's malware seems intended for use with online gaming and can spoof the user's geolocation to allow them to play from anywhere. It may also let them compromise other players' accounts by using keyloggers.

According to the Security Response Center report, "The actor’s activity is limited to the gaming sector specifically in China and does not appear to target enterprise environments." It also states that the driver must be manually installed to be effective.

Unless a system has already been compromised and is granting admin access to an attacker, or the user installs the driver on purpose, there is no real risk. Microsoft also says that the driver and its associated files will be detected and blocked by MS Defender for Endpoint.

If you think you may have downloaded or installed this driver, you can check "Indicators of Compromise" in the Security Response Center report.