ESET Research Podcast: HotPage

ESET Research

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege yet vulnerable Microsoft-signed driver


Usually, when someone mentions adware, people think of low-quality, half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently discovered trojan that uses a vulnerable, Microsoft-signed kernel driver to inject code into, and manipulate what victims see in, their browsers.

In their conversation, host ESET Distinguished Researcher Aryeh Goretsky and his guest, ESET Principal Threat Intelligence Researcher Robert Lipovsky, compare HotPage to other threats, especially infostealing malware, which typically has a similar level of sophistication but is far more dangerous. Both also elaborate on the process the creators of this adware must have gone through to get their driver signed by Microsoft.

Another interesting thing about HotPage is that it is a trojan by its very definition. Advertised as a security solution and ad-blocking software for Chinese internet cafes, it delivers the exact opposite, spamming users with scores of ads and leaving the door open for other threat actors to run their own malicious code. Based on its regional and vertical targeting, HotPage seems to be designed to go after Chinese gamers.

In the episode, listeners will also hear details on how ESET mitigated HotPage, actionable advice on how to avoid the threat on the user end, and what to do if one suspects an infection.

For detailed reports on HotPage and other threat actor activities, follow ESET Research on X (formerly known as Twitter), and check out our latest blog posts and white papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.
