Analysts noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its use of a previously unknown Windows kernel mode rootkit, dubbed Demodex, together with a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. The rootkit is used to hide the user mode malware's artefacts from investigators and security solutions, and it demonstrates an interesting, undocumented loading scheme: the kernel mode component of an open-source project named Cheat Engine is used to bypass the Windows Driver Signature Enforcement mechanism.
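The loading scheme described above relies on a legitimately signed third-party driver to get unsigned code into the kernel, so a first detection opportunity is the driver load itself. The following is an added example, not code from the original report: it triages Sysmon Event ID 6 (DriverLoad) records, flagging loads of the Cheat Engine kernel driver, drivers loaded from outside the expected driver directories, and drivers whose signature status is not valid. The file name dbk64.sys (the driver Cheat Engine ships) is not named on the page and is an assumption of this example; the sample records are constructed.

```python
"""Triage Sysmon Event ID 6 (DriverLoad) records for suspicious kernel driver loads.

Added example, not code from the original report. It assumes Sysmon DriverLoad
records flattened to dicts using the real Event ID 6 field names
(ImageLoaded, Signature, SignatureStatus). The driver name dbk64.sys is
assumed to be the kernel component distributed with Cheat Engine; the
sample records below are constructed for this example.
"""
import ntpath

# Kernel component distributed with the open-source Cheat Engine project
# (assumed file names). Its presence on a server that has no business
# running Cheat Engine is worth a look: a legitimately signed third-party
# driver is exactly what lets unsigned code into the kernel without
# tripping Driver Signature Enforcement.
KNOWN_ABUSED_DRIVERS = {"dbk64.sys", "dbk32.sys"}

# Directories where drivers on a managed Windows server are expected to live
# (lower-cased for comparison).
EXPECTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)


def assess_driver_load(event):
    """Return the reasons a DriverLoad event deserves review (empty list = benign)."""
    reasons = []
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()

    # 1. Known-abused signed driver loaded at all.
    if name in KNOWN_ABUSED_DRIVERS:
        reasons.append("known abused signed driver: %s" % name)

    # 2. Driver loaded from somewhere other than the normal driver directories.
    if not any(directory.startswith(d) for d in EXPECTED_DRIVER_DIRS):
        reasons.append("driver loaded from unexpected directory: %s" % directory)

    # 3. Signature missing, revoked or otherwise not reported as valid.
    if event.get("SignatureStatus", "").lower() != "valid":
        reasons.append("signature status %r" % event.get("SignatureStatus", ""))

    return reasons


def triage(events):
    """Return (image path, reasons) for every event that raised at least one reason."""
    flagged = []
    for event in events:
        reasons = assess_driver_load(event)
        if reasons:
            flagged.append((event.get("ImageLoaded", ""), reasons))
    return flagged


# Constructed sample records in Sysmon Event ID 6 field layout.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Users\Public\dbk64.sys",
     "Signature": "<third-party signer, placeholder>", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Windows\Temp\svc.sys",
     "Signature": "", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

The second sample record is the case the report describes: a validly signed driver, which a signature-only rule would pass, caught by its name and by the fact that it was loaded from a user-writable directory. In production the driver list would be fed from an allow/deny inventory rather than hard-coded.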