Microsoft signed a driver, distributed within gaming environments, that turned out to be a malicious network filter rootkit. The driver, called Netfilter, communicates with Chinese command-and-control (C2) IP addresses and aims to spoof gamers' geo-locations so they can cheat the system and play from anywhere. Microsoft has suspended the account that distributed the malicious driver and reviewed the threat actor's submissions for additional signs of malware. The threat actor submitted drivers for certification through the Windows Hardware Compatibility Program.
Source: https://threatpost.com/microsoft-malicious-rootkit-gaming/167323/

