🚨Demodex rootkit was detected 🚨

  • 7 October 2021
  • 0 replies

Analysts noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that was dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. The former is used to hide the user mode malware's artefacts from investigators and security solutions, while demonstrating an interesting undocumented loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Signature Enforcement mechanism.
