Windows Driver Signature Enforcement Loophole Exploited for Malware Persistence
An exploit has been discovered in a fundamental Windows security mechanism that mandates all kernel drivers to be digitally signed by Microsoft. The vulnerability exploits the loophole to forge signatures on maliciously modified drivers and researchers from Cisco Talos refer that hackers have automated this technique to evade anti-cheating and digital rights management (DRM) measures in games, and more alarmingly, to distribute highly persistent malware.
Talos researchers have identified a malware threat named RedDriver that takes advantage of the security loophole. RedDriver is specifically designed to hijack browser traffic by utilizing a driver that interacts with the Windows Filtering Platform (WFP). By doing so, the malware gains unauthorized access to and control over the internet traffic generated by the user’s browser, allowing it to carry out malicious activities and potentially compromise the user’s system.