Winsage
July 18, 2024
ESET discovered the HotPage malware, initially detected as adware, which was developed by a Chinese company called Hubei Dunwang Network Technology Co. The malware, disguised as an "internet café security solution," had a kernel component that allowed other threats to run code at the highest privilege level in the Windows operating system. The driver was removed from the Windows Server Catalog after ESET reported it to Microsoft. The Chinese company went through the necessary steps to obtain an Extended Verification certificate from Microsoft. The malware collects information, injects libraries into browser applications, and can allow attackers to escalate their privileges to run code as NT AUTHORITY/Systems.