Bitdefender has released findings on FiveSys, a newly discovered rootkit that carries a Microsoft-issued digital signature.
The valid digital signature helps attackers bypass security measures such as antimalware and navigate around operating system restrictions on loading third-party modules into the kernel.
Once successfully loaded, FiveSys allows attackers to gain virtually unlimited privileges.
The FiveSys campaign has been active for more than a year targeting online gamers – likely for credential theft and in-game purchase hijacking.
The certification for the malware has been revoked; however, Bitdefender warns that the group will likely re-emerge, potentially targeting other regions.