For HomeFor BusinessFor Partners
Anti-Malware Research Whitepapers
1 min read

Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions

Cristian Alexandru ISTRATEBalazs BIROClaudiu COBLIȘ

October 20, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions

More than a decade ago, rootkits were the apex predators of cybercrime. These clandestine computer programs were built to offer attackers an uninterrupted foothold onto victims’ computers and conceal malicious activities from the operating system as well as from antimalware solutions.

For the past few months, Bitdefender researchers have seen a surge in malicious drivers with valid digital signatures issued through the WHQL signing process.

This research focuses on FiveSys – a digitally signed rootkit that made its way through the driver certification process.

Key Findings

  • Bitdefender researchers have identified a rootkit with a Microsoft-issued digital signature;
  • The rootkit is used to proxy traffic to Internet addresses that interest the attackers.
  • We assume that the rootkit targets online games with the main goal of credential theft and in-game-purchase hijacking
  • The rootkit has been targeting computer users for more than a year now
  • Rootkit spreading is limited to China and we presume that it is operated by a threat actor with significant interest in the market.

Indicators of Compromise

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known indicators of compromise can be found in the whitepaper below.

Download the full whitepaper

tags

Anti-Malware Research Whitepapers

Author

Cristian Alexandru ISTRATE

Cristian Alexandru ISTRATE

I am a security researcher at Bitdefender investigating Windows malware, (particularly rootkits), and developing forensics tools.

View all posts
Balazs BIRO

Balazs BIRO

I'm a security researcher at Bitdefender with a focus on threats like rootkits and bootkits. I'm also passionate about Automotive Communication Protocols and Real Time Embedded Systems.

View all posts
Claudiu COBLIȘ

Claudiu COBLIȘ

I'm a security researcher at Bitdefender working on cybercrime investigations and developing tools to help with malware and forensics analysis. In my free time, I learn new things and play video games

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Anti-Malware Research

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Andrei ANTON-AANEIAlina BÎZGĂ

November 18, 2024

6 min read
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Anti-Malware Research

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Anti-Malware Research Whitepapers

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender

May 22, 2024

2 min read

Bookmarks

loader