"HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver"

ESET researchers discovered an adware module that appears to block ads and malicious websites but stealthily installs a kernel driver component that lets attackers run arbitrary code with elevated permissions on Windows hosts. The malware's name, "HotPage," stems from the installer "HotPage.exe." According to ESET researcher Romain Dumont, the installer launches a driver that injects code into remote processes, along with two libraries that can intercept and tamper with browsers' network traffic. This article continues to discuss findings regarding the HotPage malware.

THN reports "HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver"

Submitted by grigby1

Submitted by Gregory Rigby on