G-Data: Microsoft signed driver with rootkit – update


Microsoft signed a driver that turned out to contain a rootkit and to forward traffic to a Chinese IP address. This was reported by the German security company G-Data. Microsoft has since labeled the driver as malware in Windows Defender and launched an investigation.

According to malware analyst Karsten Hahn, the rootkit driver, a network filter, redirects traffic to a Chinese IP address. A whois lookup showed that this address belongs to a Chinese company which, according to the US Department of Defense, may be associated with the Chinese Communist Party.

“The main functionality of the rootkit driver is to redirect traffic. But the driver can also update itself,” Hahn said. “We reported this issue to Microsoft, who promptly labeled the driver as malware in Windows Defender and launched an internal investigation into how this could have happened.”
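A practical follow-up for defenders reading this is to know which kernel drivers are loaded on a host, who signed them, and what their hashes are, so the inventory can be compared against vendor advisories and Defender detections. The script below is an added example written for this article, not code from G-Data or Microsoft; the function name `Get-LoadedDriverSignatures` and the path normalisation helper are my own, and it assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on Windows with the Defender module available.

```powershell
# Added example (not from the G-Data report): inventory running kernel drivers,
# their Authenticode signer and SHA-256, and flag anything that is not validly
# signed by a Microsoft certificate. Assumes an elevated PowerShell session on Windows.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several forms; normalise to an absolute path.
    param([string]$RawPath)
    if (-not $RawPath) { return $null }
    $p = $RawPath -replace '^\\\?\?\\', ''              # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # expand \SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # relative form
    return $p
}

function Get-LoadedDriverSignatures {
    # One object per running driver: name, path, signature status, signer, SHA-256.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig  = Get-AuthenticodeSignature -FilePath $path
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $path
                    Status = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
                    Signer = $sig.SignerCertificate.Subject  # $null when unsigned
                    Sha256 = $hash
                }
            }
        }
}

$inventory = Get-LoadedDriverSignatures

# Drivers whose signature does not validate, or whose signer is not a Microsoft certificate.
$inventory |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' } |
    Format-Table Name, Status, Signer, Path -AutoSize

# Keep the full inventory (with hashes) for comparison against vendor advisories.
$inventory | Export-Csv -LiteralPath "$env:TEMP\driver-inventory.csv" -NoTypeInformation

# Cross-check against what Defender has already detected on this host.
Get-MpThreatDetection | Select-Object DetectionID, ThreatID, InitialDetectionTime, Resources
```

Two caveats apply. First, the case in this article is precisely one where the signature itself was Microsoft-issued and valid, so the signer check alone would not have flagged it; the value of the inventory is the hash list you can compare with Defender's detections and with published indicators. Second, many inbox Windows drivers are signed through a catalog rather than with an embedded signature, and `Get-AuthenticodeSignature` may report those as `NotSigned`; treat that status as "verify via the catalog", not as evidence of tampering.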

Update, Tuesday 12.35: Microsoft has acknowledged the issue and provided more details.
