ESET Analysis
ESET researchers focus on HotPage, a not too long ago found adware armed with a highest-privilege, but susceptible, Microsoft-signed driver
05 Sep 2024
•
,
1 min. learn
Normally when somebody mentions adware, individuals consider low-quality half-baked malicious code used to spam victims with sketchy adverts. However as we clarify on this episode of our podcast, not all adware is created equal. HotPage is a not too long ago found trojan utilizing a susceptible, Microsoft-signed, kernel driver to inject and manipulate what victims see of their browsers.
Of their dialog, host ESET Distinguished Researcher Aryeh Goretsky and his visitor ESET Principal Menace Intelligence Researcher Robert Lipovsky, examine HotPage to different threats, particularly infostealing malware, which usually has an analogous stage of sophistication however is way extra harmful. Each additionally elaborate on the method the creators of this adware will need to have gone by means of to get their driver signed by Microsoft.
One other fascinating factor about HotPage is that it’s a trojan by its very definition. Marketed as safety resolution and advert blocking software program for Chinese language web cafes, it delivers the precise reverse, spamming customers with scores of adverts and leaving the door open for different menace actors to run different malicious code. Primarily based on its regional and vertical focusing on, HotPage appears to be designed to go after Chinese language players.
Within the episode, listeners may also hear particulars on how ESET mitigated HotPage, actionable recommendation on the right way to keep away from the menace on user-end, and what to do if one suspects to be contaminated by it.
For detailed report on HotPage and different menace actor actions, comply with ESET research on X (formerly known as Twitter), and take a look at our newest blogposts and white papers on WeLiveSecurity.com. For those who like what you hear, subscribe for extra on Spotify, Apple Podcasts, or PodBean.
