The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
WeLiveSecurity

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo ...
Threat Post

Possible New Rootkit Has Drivers Signed by Realtek

Gostev said that one possible explanation for the digitally signed drivers is that they’re legitimate components of the software on a USB drive that have characteristics of a rootkit. The new Trojan ...
Dark Reading

Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

Microsoft is refining its policies and processes for certifying drivers through its Windows Hardware Compatibility Program (WHCP) after a recent incident in which the company appears to have ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
ZDNet

Hackers somehow got their rootkit a Microsoft-issued digital signature

Cybersecurity researchers at Bitdefender have detailed how cyber criminals have been using FiveSys, a rootkit that somehow made its way through the driver-certification process to be digitally signed ...