ESET Research
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
05 Sep 2024
 •Â
,
1 min. read
Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently discovered trojan using a vulnerable, Microsoft-signed, kernel driver to inject and manipulate what victims see in their browsers.
In their conversation, host ESET Distinguished Researcher Aryeh Goretsky and his guest ESET Principal Threat Intelligence Researcher Robert Lipovsky, compare HotPage to other threats, especially infostealing malware, which typically has a similar level of sophistication but is far more dangerous. Both also elaborate on the process the creators of this adware must have gone through to get their driver signed by Microsoft.Â
Another interesting thing about HotPage is that it is a trojan by its very definition. Advertised as security solution and ad blocking software for Chinese internet cafes, it delivers the exact opposite, spamming users with scores of ads and leaving the door open for other threat actors to run other malicious code. Based on its regional and vertical targeting, HotPage seems to be designed to go after Chinese gamers.
In the episode, listeners will also hear details on how ESET mitigated HotPage, actionable advice on how to avoid the threat on user-end, and what to do if one suspects to be infected by it.
For detailed report on HotPage and other threat actor activities, follow ESET research on X (formerly known as Twitter), and check out our latest blogposts and white papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.