Watch out — this fake ad blocker might actually end up infecting your device with malware

News
By published

HotPage is a lot more than just a piece of adware

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Imagine installing an ad blocker that ends up displaying even more adware. To make matters worse, this “ad blocker” also steals sensitive data from the device it’s installed on, and even allows other malicious actors to run code with elevated privileges.

This is exactly what HotPage, a new adware module recently discovered by cybersecurity researchers ESET, can apparently do. In its analysis, ESET said it first spotted HotPage in late 2023 masquerading as an ad blocker, but during the installation, it "deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic." 

As a result, the malware can modify, or fully replace, the contents of a page the victim is trying to visit. It can redirect them to an entirely different page, or open a new page in a new tab, if needed.

Displaying ads, grabbing data, deploying malware

The core goal of HotPage is to display game-related ads, the researchers said. However, it can also grab system information, and send it to a remote server registered to a Chinese company Hubei Dunwang Network Technology Co., Ltd, which suggests that the campaign is of Chinese origin. Ultimately, the malware also allows non-privileged account holders to elevate their privileges and run code as the NT AUTHORITY\System account. 

"This kernel component unintentionally leaves the door open for other threats to run code at the highest privilege level available in the Windows operating system: the System account," the researchers said in their writeup. "Due to improper access restrictions to this kernel component, any processes can communicate with it and leverage its code injection capability to target any non-protected processes."

ESET concluded its writeup by saying that HotPage looks generic enough, but is in fact quite sophisticated.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
Latest in Security
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
Latest in News
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
More about security
NHS

NHS IT supplier hit with major fine following ransomware attack
Data leak

Top home hardware firm data leak could see millions of customers affected
A digital representation of a lock

NYU website defaced as hacker leaks info on a million students
See more latest
Most Popular
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
Sama virtual assistant
Speak, Book, Fly. Qatar Airways debuts industry-first AI travel agent, Sama
An Apple Lumon Terminal Pro computer next to a keyboard with Severance-themed keycaps
You sadly can't buy Apple's Lumon Terminal Pro computer, but here's where to get the Severance-style keycaps
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
Apple iPad Pro 13-inch (2024)
iPadOS 19: 4 rumored new features, and 2 I’d like to see
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests