'FiveSys', a rootkit carrying a Microsoft digital signature, is spreading and targeting online games
Researchers at BitDefender, an antivirus software maker, have pointed out the existence of
Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions
https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions/
In June 2021, security company G DATA revealed the existence of Netfilter, malware carrying a Microsoft digital signature. According to Microsoft, the signing infrastructure itself is not dangerous; rather, the malware authors are believed to have legitimately obtained a signed binary by submitting a malicious driver through Microsoft's normal process.
The newly discovered 'FiveSys' is used to proxy traffic to Internet addresses chosen by the attackers, and is speculated to target online games in order to steal credentials and hijack in-game purchases.
'FiveSys' has been around for about a year, but like 'Netfilter', its spread is limited to China, and it appears to be operated by threat actors with a strong interest in the Chinese market.
in Security, Posted by logc_nt