• AgreeableLandscape
    2 years ago

    Not defending kernel mode anticheats, but I think the bigger problem here is Windows’s Swiss cheese level kernel module management. Because apparently this whole fiasco is because the kernel module in question is “verified” by Microsoft, so it doesn’t need admin/UAC authorisation to install, a mechanic which this malware exploits.

    More discussion here: https://infosec.exchange/@r000t/108890918411908350