Microsoft has signed a rootkit driver that sends traffic to a Chinese IP address, the German company Gdata reports. Microsoft has since labeled the driver as malware in Windows Defender and has started an investigation into how the driver came to be signed.
According to malware analyst Karsten Hahn, the network-filter rootkit driver redirects traffic to a Chinese IP address that, according to WHOIS records, belongs to a Chinese company which the US Department of Defense says may be associated with the Chinese Communist Party.
“The main functionality of the rootkit driver is to redirect traffic. But the driver can also update itself,” Hahn said. “We reported this issue to Microsoft, who promptly labeled the driver as malware in Windows Defender and launched an internal investigation into how this could have happened.”