Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named "RedDriver," a driver-based browser hijacker that uses the Windows Filtering Platform WFP to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge it...

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...