Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes
July 11, 2023, 6:16 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
- Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021.
- RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies.
- Code from multiple open-source tools has been used in the development of RedDriver's infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.
- The authors of RedDriver appear to be skilled …