A product originally marketed as security software has turned out to be malware that installs a kernel-level driver, leaving infected devices open to further attacks.
A new investigative report into the malware, called HotPage, reveals that researchers at ESET notified Microsoft of the malicious software on March 18, and that the driver, once approved, was removed from the Windows Server Catalog on May 1. Up until that point, HotPage was presumably delivered to its victims as a security product, masquerading as an ad blocker called DWAdsafe aimed at internet cafes in China.
HotPage's malicious code dropped a vulnerable kernel driver that could let an attacker execute further malicious code with the highest level of privilege on the device. The software also did not block ads at all; instead it intercepted web traffic and redirected and manipulated content inside the victim's browser. It hooked Windows API functions to intercept and modify browser activity and to collect information on the victim, which was then sent back to the HotPage creator's server.
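A practical first question after a report like this is which kernel drivers on a machine obtained their trust through Microsoft's hardware-compatibility signing program rather than being Microsoft's own. The PowerShell below is an added example written for this article, not code from the report or from ESET; it lists installed system drivers, checks their Authenticode or catalog signature, and keeps those whose signer is the "Microsoft Windows Hardware Compatibility Publisher" certificate (the assumption here is that program-signed third-party drivers carry that signer while first-party drivers are signed as "Microsoft Windows"). It names no particular driver; it only narrows the list a reviewer would then examine by hand.

```powershell
# Added example (not from the article or from ESET): enumerate installed kernel
# drivers and keep the ones signed through Microsoft's hardware program.
# Assumption: such drivers show the signer subject
# "Microsoft Windows Hardware Compatibility Publisher". Run elevated on Windows.

function Get-ProgramSignedDrivers {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may carry a \??\ prefix or be relative to %SystemRoot%.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            if (-not [System.IO.Path]::IsPathRooted($path)) {
                $path = Join-Path $env:SystemRoot $path
            }
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Name          = $_.Name
                State         = $_.State
                Path          = $path
                Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                SignatureType = $sig.SignatureType   # Authenticode or Catalog
                Signer        = if ($sig.SignerCertificate) {
                                    $sig.SignerCertificate.Subject
                                } else { '' }
            }
        } |
        Where-Object { $_.Signer -match 'Hardware Compatibility Publisher' }
}

# Usage: review each entry; a running driver from a publisher you do not recognise
# deserves a closer look, since a valid signature alone says nothing about intent.
Get-ProgramSignedDrivers | Sort-Object Name | Format-Table Name, State, Status, SignatureType, Path -AutoSize
```

The point of the filter is the caveat the article's story turns on: a signature that chains to Microsoft tells you the driver passed a submission process, not that its functionality is benign, so the output is a list to investigate rather than a verdict.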
The main concern is how Microsoft's driver-review process let such malware be signed and accepted into the Windows Server Catalog, since a driver carrying a Microsoft signature is one Windows will load.
"In a rather simple scenario, a shady company would develop legitimate computer software, which would go through the driver-signing requirements. Later on, the editor could covertly introduce a backdoor, either through new functionalities or by intentionally introducing a vulnerability. HotPage (or DWAdsafe) posed as a security product to block ads, and so possesses interception functionalities. Here, the problem lies in the way the software can be configured and misused," said Romain Dumont, malware researcher for ESET.
"I don't think a bulletproof process exists," Dumont says. "A naive approach would be to do a background check on companies and verify that the advertised functionalities correspond to the actual functionalities through a security assessment. Microsoft could ask for a certain level of transparency regarding the intended purpose of the software and the required functionalities to achieve it. The more functionalities an editor needs, the more tests they should pass. But let's face it, it's a difficult and time-consuming task."