Blog | G5 Cyber Security

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Microsoft says a driver signed by the company turned out to be a malicious Windows rootkit. The rogue code signing was spotted by Karsten Hahn, a malware analyst at German cybersecurity company G Data. The rootkit, called “Netfilter,” is said to target gaming environments, specifically in China. Microsoft dubbed the malware “Retliften” (“netfilter” spelled backwards), adding that the malicious driver can intercept network traffic, add new root certificates, set a new proxy server, and modify internet settings without the user’s consent.

Source: https://thehackernews.com/2021/06/hackers-trick-microsoft-into-signing.html
