HotPage: Story of a signed, vulnerable, ad-injecting driver

Category: Cybersecurity

Malware research uncovered HotPage.exe, an installer that deploys a driver for code injection into remote processes and intercepts browser traffic. Initially detected as adware, it was found to have a Microsoft-signed driver from a Chinese company, which misrepresents itself as an internet café security solution while actually injecting ads and collecting user data. The driver allows unauthorized code execution at the SYSTEM level, posing significant security risks. Despite being reported to Microsoft, the driver was removed from the Windows Server Catalog, but the malware remains detectable by ESET technologies.

Keywords: Malware, Adware, Cyber Threats

Source: WeLiveSecurity

Update At: 7/19/2024

Related Sources

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

AT&T confirmed a data breach where threat actors accessed call and text interaction records of wireless customers, including location data. The breach involved a third-party cloud platform and is linked to other cyberattacks. The company is cooperating with law enforcement, and a suspect has been apprehended. The stolen data does not include personal information. Snowflake, the cloud provider, is implementing additional security measures. The cybercrime spree has affected multiple companies and demands for ransom have been made. Snowflake credentials were obtained from the dark web. Snowflake is enforcing mandatory multi-factor authentication to enhance security.

Internet

Statement on Falcon Content Update for Windows Hosts

CrowdStrike has addressed a defect affecting Windows hosts due to a content update, assuring customers that Mac and Linux systems are unaffected. A fix has been deployed, and customers are encouraged to use official communication channels for updates. The company is actively working with impacted customers to restore services and ensure system stability.

Axios

Google Nears $23 Billion Purchase Of Wiz: Reports - Security Boulevard

Alphabet Inc.’s Google is closing in on a $23 billion acquisition of cybersecurity firm Wiz, its largest purchase ever. Wiz's cloud-security product has drawn attention for detecting security flaws from other companies. Google's interest in Wiz is significant for its enterprise cloud security strategies.

Security Boulevard

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED

A group called NullBulge claims to have leaked a 1.1-TB trove of data from Disney's internal Slack archive, including unreleased projects, code, images, and login credentials. The hackers allege they had inside help, but Disney has not confirmed the breach. Security experts warn about the risks of compromised corporate Slack accounts.

WIRED

Disney Hack: Company Investigating After Internal Messages Leak

Disney appears to have been hacked by the hacktivist group 'Nullbulge', claiming to possess over one terabyte of data from the company, including internal Slack communications and images.

The Hollywood Reporter

Disney Investigating Possibly Major Slack Hack

Disney is investigating a reported hack of its internal Slack workplace messages by a group called Nullbulge, which claims to have hacked almost 10,000 channels at the media and entertainment giant. The hack includes unreleased projects, raw images, code, logins, and more. Nullbulge targeted Disney due to its handling of artist contracts, approach to AI, and disregard for consumers.

Deadline

Report: Disney Data Leaked After Hack of Its Slack System

Disney's Slack system suffered a hack with data leaked online, including discussions, job assessments, and photos. The hack was claimed by Nullbulge, known for using Trojan horse tactics. This incident follows a decade after Sony Pictures Entertainment's massive hack. The year has seen multiple cyberattacks, impacting eCommerce merchants and financial systems.

PYMNTS.com

Disney Says It's Investigating Reported 1.2TB Hack of Its Internal Documents - IGN

Disney is investigating a claim by a hacker group that they have stolen 1.2TB of internal data, including details about upcoming projects and collaborations. The hacker group, Nullbulge, has released thousands of messages from Disney's internal Slack channels, including information about unreleased projects and more.

IGN

Hacking group Nullbulge claims to have carried out major cyber attack on Disney - ABC News

Hacking group Nullbulge claims to have carried out a major cyber attack on Disney, leaking one terabyte of data containing unreleased projects, raw images, and code from Disney's internal Slack workplace. The group claims to protect artists' rights and ensure fair compensation. Disney is investigating the matter.

Australian Broadcasting Corporation

Disney's Internal Slack Message Data Leaked in Hack - Business Insider

Data leak from Disney's internal Slack by hacking group Nullbulge, claiming access to 10,000 channels and sensitive information. Disney investigating the matter.

Business Insider