HotPage Story of a signed vulnerable ad-injecting driver
This report investigates a sophisticated Chinese browser injector called HotPage capable of injecting code into remote processes and intercepting network traffic to modify requested web pages redirect users or open new tabs based on rules. Despite claims of being a security solution HotPage leverages vulnerabilities to perform malicious ad injection. The driver signed by Microsoft leaves systems open to privilege escalation attacks due to improper access controls. The analysis uncovers the malwares components techniques and the mysterious company behind it.