Cybercriminals were able to trick their way into Microsoft’s secure ecosystem using malicious software disguised as a normal application. This came to light through an investigation conducted by cybersecurity experts from ESET.

Dubbed DWAdsafe and originally discovered in late 2023, the malware masquerades as a HotPage.exe installer that purports to improve website performance and block ads. However, in reality, DWAdsafe injects code into system processes and intercepts browser traffic, redirecting users to game-related advertisements.

As reported by TweakTown, citing a study by ESET antivirus software developers, the malware could change, replace or redirect web traffic and open new tabs, depending on certain conditions. Notably, the driver embedded in HotPage.exe was approved and signed by Microsoft, although it belonged to the Chinese company Hubei Dunwang Network, about which almost nothing was known.

The investigation also found that the software, advertised as an “internet café security solution,” targeted Chinese-speaking users and collected computer data for statistical purposes, which was then sent to the DWAdsafe developers’ server.

The concern is that Microsoft’s review and approval process allowed a malicious application to enter the Windows Server catalog. Romain Dumont, one of the ESET researchers, commented on the situation: “I don’t think there is a completely reliable process for checking all the companies’ data and whether the declared functions of the software correspond to the actual functions. Microsoft could do more thorough checks, but let’s face it: it’s a difficult and time-consuming task.”

ESET reported the malware to Microsoft on March 18, 2024. The software giant removed the problematic product from the Windows Server catalog on May 1, 2024. ESET has since labeled this threat as Win{32|64}/HotPage.A and Win{32|64}/HotPage.B.

Published by
admin