Watch out — this fake ad blocker might actually end up infecting your device with malware
HotPage is a lot more than just a piece of adware
Imagine installing an ad blocker that ends up displaying even more adware. To make matters worse, this “ad blocker” also steals sensitive data from the device it’s installed on, and even allows other malicious actors to run code with elevated privileges.
This is exactly what HotPage, a new adware module recently discovered by cybersecurity researchers ESET, can apparently do. In its analysis, ESET said it first spotted HotPage in late 2023 masquerading as an ad blocker, but during the installation, it "deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic."
As a result, the malware can modify, or fully replace, the contents of a page the victim is trying to visit. It can redirect them to an entirely different page, or open a new page in a new tab, if needed.
Displaying ads, grabbing data, deploying malware
The core goal of HotPage is to display game-related ads, the researchers said. However, it can also grab system information, and send it to a remote server registered to a Chinese company Hubei Dunwang Network Technology Co., Ltd, which suggests that the campaign is of Chinese origin. Ultimately, the malware also allows non-privileged account holders to elevate their privileges and run code as the NT AUTHORITY\System account.
"This kernel component unintentionally leaves the door open for other threats to run code at the highest privilege level available in the Windows operating system: the System account," the researchers said in their writeup. "Due to improper access restrictions to this kernel component, any processes can communicate with it and leverage its code injection capability to target any non-protected processes."
ESET concluded its writeup by saying that HotPage looks generic enough, but is in fact quite sophisticated.
More from TechRadar Pro
- Cisco patches IOS XE zero-days used to hack over 50,000 devices
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.