Date: 2021-06-28

Code signing is the process of digitally signing executables and scripts to confirm the software’s publisher and assure users that code has not been tampered with or corrupted. The operating system uses code signing to help users avoid malicious software.

Unfortunately, Microsoft mistakenly signed a malicious driver for Windows that contains rootkit malware. According to a report, the third-party driver, called Netfilter, is apparently communicating with Chinese command and control servers. Security researcher Karsten Hahn first discovered the malicious driver last week, the report said.

Last week, security researchers reported what appeared to be a “false positive,” but it wasn’t. The “Netfilter” driver has been seen communicating with command and control servers based in China. It is unclear how the driver containing the rootkit malware managed to get through Microsoft’s certificate signing process, although the company said it was investigating what happened and would “refine” the signing process. Furthermore, there is no evidence that the malware developers stole Microsoft’s certificates. Microsoft believes this was not the work of state-sponsored hackers.

The creator of the driver, Ningbo Zhuo Zhi Innovation Network Technology, was working with Microsoft to investigate and fix any security flaws, including affected hardware. Users will get clean drivers through Windows updates. Microsoft said the driver with the malware had little impact and was aimed at gamers. However, it is not known whether it has compromised any corporate users.

Source: G Data Software