Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that’s engineered to communicate with an actor-controlled attack infrastructure.
Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came to light in October 2021.
“This malicious actor originates from China and their main victims are the gaming sector in China,” Trend Micro’s Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy said. Their malware seems to have passed through the Windows Hardware Quality Labs (WHQL) process for getting a valid signature.
