Bitdefender Labs discovered the malware FiveSys, who has gone through the certification program of the Microsoft driver, receiving the digital signature. Something that prevents PC security measures from stopping malware in its tracks, with the risk that it will then give hackers free access to your computer.
Bitdefender finds FiveSys, a Microsoft digitally signed malware
Microsoft puts driver files through rigorous certification processes before allowing them to be downloaded as part of third party updates. But no computer system can be totally immune to hacker attacks. Malware rootkit FiveSys he hid his true nature throughout the verification process.
Something really dangerous. In fact, by receiving the Microsoft digital signature, the system does not block the program when attempts to load third party modules into the kernel, as well as nimbly bypassing the anti-malware system defenses. The result is that hackers could have been given potentially unlimited privileges.
Bitdefender has however noticed the problem a Microsoft Digital Crime Unit (DCU), Europol and FBI. The Redmond company then promptly revoked the certificates.
Potentially, FiveSys could be used as a proxy for traffic to ad hoc addresses created by hackers. According to what emerges from the Bitdefender survey, the campaign has targeted the online players in China, hijacking in-game purchases to steal credentials.
The probability that hackers will try again would be high according to the security agency, even in other countries. For this, Bitdefender recommends applying Indicators of Compromise for systems of Endpoint Detection and Response, the services of Management Detection Response and other security measures. This way you can be sure that the system was not attacked before the rectification. You can find these and other resources on the Bitdefender website.