Microsoft has confirmed that it signed a malicious driver that was being distributed in gaming environments.
The driver, called “Netfilter,” is in fact a rootkit that was observed communicating with command-and-control (C2) IP addresses in China.
G Data malware analyst Karsten Hahn first noticed the driver last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers carrying a valid Microsoft signature.
It turned out that the C2 infrastructure belongs to a company classified as a “Communist Chinese military” company by the US Department of Defense.
The incident once again exposes the fragility of software supply-chain security, with the weakness this time lying in Microsoft’s code-signing process. A valid signature only attests that the signer vouched for the binary at signing time; it says nothing about whether the code is benign, and Windows will happily load a kernel driver that is malicious but properly signed.
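Because a valid signature is only a statement about who signed, not about what the code does, the check a responder would run on an affected gaming machine is to inventory the loaded kernel drivers, separate those signed through Microsoft's hardware compatibility program (third-party code carrying a Microsoft signature) from Microsoft's own, and hash them for comparison against published indicators. The PowerShell below is an added example, not code from the article, from Microsoft or from G Data; the signer subject string it filters on and the path-normalization rules are assumptions, and no hashes of the Netfilter driver are included because the page does not give any.

```powershell
# Added example (not from the article). Lists loaded kernel drivers, resolves
# each one's Authenticode signer, and flags those signed via Microsoft's
# hardware compatibility program. The signer subject is an assumption about
# the certificate such third-party drivers carry.
$whqlSigner = 'CN=Microsoft Windows Hardware Compatibility Publisher'

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Assumed normalization: service paths may use \SystemRoot\ or \??\ prefixes.
    $p = $PathName -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    if (Test-Path -LiteralPath $p) { return (Resolve-Path -LiteralPath $p).Path }
    return $null
}

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path = Resolve-DriverPath -PathName $_.PathName
        if (-not $path) { return }
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $subj = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        [PSCustomObject]@{
            Service        = $_.Name
            Path           = $path
            SigStatus      = $sig.Status
            Signer         = $subj
            # True for third-party code that carries a Microsoft signature
            WhqlThirdParty = $subj -like "$whqlSigner*"
            Sha256         = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }

# Third-party drivers with a Microsoft-issued signature are the set to review
# against threat-intel indicators; a valid SigStatus does not clear them.
$report | Where-Object { $_.WhqlThirdParty } |
    Sort-Object Service |
    Format-Table Service, SigStatus, Sha256, Path -AutoSize

# Anything running unsigned or with an invalid signature is a separate finding.
$report | Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-Table Service, SigStatus, Signer, Path -AutoSize
```

Run it from an elevated prompt; the driver files under System32\drivers are readable without elevation, but some service paths resolve only with administrative rights. The `Sha256` column is what you compare against vendor-published indicators, since a signature check alone cannot distinguish a legitimately WHQL-signed driver from one that abused the same process.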