Man
Last week, ESET researchers reported how they discovered new malware that disguised itself as an ad blocker, injected its own ad code into victims' browsers, redirected them to third-party sites, and opened additional tabs. Users with Windows devices are at risk.
The malware is named HotPage after the HotPage.exe installer and is known to have been active since late 2023. The exact method by which the malware is distributed is unknown, but experts have found that it poses as an internet cafe tool that improves browsing and blocks ads.
The installed driver is capable of injecting code into remote processes, as well as intercepting and modifying browser network traffic. This allows the malware to change the displayed content of pages, redirect users to other sites, or open new tabs in browsers.
In addition, this malware is designed to collect system information and transmit it to a remote server, presumably owned by the Chinese company Hubei Dunwang Network Technology Co., Ltd.
A driver signed by Microsoft and recommended for use on Windows allowed attackers with unprivileged accounts to run code with elevated privileges. After the problem was discovered by ESET experts, the driver was removed from the Windows Server Catalog in May 2024. This once again confirms that adware developers are ready to take any risks. It also demonstrates the need to secure devices and to protect advertising campaigns from fraudulent traffic.