Gostev said that one possible explanation for the digitally signed drivers is that they’re legitimate components of the software on a USB drive that have characteristics of a rootkit. The new Trojan ...
The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and an SDK available, plus an interesting abuse of Yahoo ...
Cybersecurity researchers at Bitdefender have detailed how cyber criminals have been using FiveSys, a rootkit that somehow made its way through the driver-certification process to be digitally signed ...
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. The spear-phishing campaign ...
Microsoft is refining its policies and processes for certifying drivers through its Windows Hardware Compatibility Program (WHCP) after a recent incident in which the company appears to have ...
Microsoft has admitted to signing a malicious driver that is being distributed within gaming environments. Microsoft usually tests the drivers before assigning them a digital certificate which ...
The rootkit FiveSys has been able to gain access to targeted systems thanks to the inclusion of a legitimate-looking Microsoft Windows Hardware Quality Labs Testing (WHQL) driver certificate. The ...