Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead

We discovered a Windows rootkit loader [F1] belonging to the malware family FK_Undead. The family is known for intercepting users' network traffic by manipulating proxy configurations. To the best of our knowledge, the rootkit loader has not been publicly analyzed before. Like any kernel-mode driver that is to load on a 64-bit Windows system with driver signature enforcement, the loader carries a valid signature; in this case it is signed with the Microsoft Windows Hardware Compatibility Publisher certificate (see thumbprint [T1]), which means it went through Microsoft's driver signing pipeline rather than relying on a stolen third-party code-signing certificate. It runs on several Windows versions and is protected with VMProtect.
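The signing detail above is the practical hook for a host-side check. The following PowerShell script is an added example and not code from the G Data write-up: it enumerates the kernel drivers registered on a Windows host, verifies each one's Authenticode signature, records whether the signer is the Microsoft Windows Hardware Compatibility Publisher certificate, and compares the signer thumbprint and file hash against indicators the analyst supplies. The `-KnownSignerThumbprints` and `-KnownFileHashes` parameters are assumptions of this example; the real values (the thumbprint the article labels [T1], and a sample hash if one is published) must be passed in by hand, as nothing in the script encodes them.

```powershell
# Added example (not code from the G Data write-up): triage the kernel drivers
# registered on a Windows host for the signing traits described in the article.
# ASSUMPTIONS: the analyst passes the certificate thumbprint the article labels
# [T1] and/or the sample's SHA256 on the command line; no real indicator is
# embedded here. Run from an elevated PowerShell prompt.
param(
    [string[]]$KnownSignerThumbprints = @(),   # e.g. the thumbprint referenced as [T1]
    [string[]]$KnownFileHashes        = @()    # SHA256 hashes of known loader samples
)

$WhcpCN = 'CN=Microsoft Windows Hardware Compatibility Publisher'

# Win32_SystemDriver reports PathName in several forms:
#   C:\Windows\system32\drivers\x.sys, \??\C:\..., \SystemRoot\system32\drivers\x.sys,
#   or system32\drivers\x.sys. Normalise them to an absolute path.
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                    # strip \??\ object-namespace prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$results = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    $path = Resolve-DriverPath $drv.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Authenticode check covers embedded signatures and catalog-signed inbox drivers.
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $signer = $sig.SignerCertificate
    $thumb  = if ($signer) { $signer.Thumbprint } else { $null }

    $hits = @()
    if ($KnownFileHashes -contains $sha256) { $hits += 'known-sample-hash' }
    if ($thumb -and ($KnownSignerThumbprints -contains $thumb)) { $hits += 'known-signer-thumbprint' }

    [pscustomobject]@{
        Name             = $drv.Name
        State            = $drv.State
        Path             = $path
        SignatureStatus  = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        WhcpSigned       = [bool]($signer -and ($signer.Subject -like "$WhcpCN*"))
        SignerThumbprint = $thumb
        SHA256           = $sha256
        Indicators       = ($hits -join ',')
    }
}

# Indicator matches are the only findings worth acting on. A WHCP-signed driver is
# the normal case for third-party drivers, so that column alone is context, not evidence.
$flagged = @($results | Where-Object { $_.Indicators })
$summary = '{0} drivers examined, {1} WHCP-signed, {2} matched supplied indicators'
$summary -f @($results).Count, @($results | Where-Object { $_.WhcpSigned }).Count, $flagged.Count
$flagged | Format-Table Name, State, SignatureStatus, SignerThumbprint, SHA256, Path -AutoSize

# Drivers that are running despite a broken or missing signature deserve a look regardless.
$results | Where-Object { $_.State -eq 'Running' -and $_.SignatureStatus -ne 'Valid' } |
    Format-Table Name, SignatureStatus, Path -AutoSize
```

Save the script as a `.ps1` file and run it with `-KnownSignerThumbprints` set to the thumbprint published as [T1] (and `-KnownFileHashes` if a sample hash is available). Two caveats matter when reading the output: a thumbprint match on the WHCP publisher certificate identifies a signing certificate shared by every driver Microsoft signed with it during that certificate's lifetime, so it narrows the search rather than confirming the sample, and `Get-AuthenticodeSignature` reports what the file on disk claims, not whether the kernel actually loaded that image; the script is a triage step, not a replacement for pulling the file for analysis.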

This article has been indexed from Security Blog G Data Software AG
