Installing gaming drivers might leave your PC vulnerable to cyberattacks
If you use cheat programs when playing games on PC, you could be putting your computer at risk: vulnerabilities in signed kernel drivers are most commonly exploited by game cheat developers to circumvent anti-cheat mechanisms.
However, the same class of vulnerability has also been observed in use by several advanced persistent threat (APT) groups, according to a new report from ESET. The security company took a deep dive into the types of vulnerabilities that commonly occur in kernel drivers and, along the way, found several vulnerable drivers shipped with popular gaming-related software.
Unsigned drivers, or signed ones with vulnerabilities, can become an unguarded gateway to the Windows kernel for malicious actors. While directly loading a malicious, unsigned driver is no longer possible on 64-bit Windows 10 and Windows 11 with Driver Signature Enforcement in place, and rootkits are widely considered a thing of the past, there are still ways to get malicious code into the Windows kernel, in particular by abusing legitimate, signed drivers.
In fact, many drivers from hardware and software vendors expose functionality that amounts to full access to the kernel with minimal effort, typically the ability to read and write kernel or physical memory. During its research, ESET found vulnerabilities in AMD’s μProf profiling software, the popular benchmarking tool PassMark and the system utility PC Analyser. The developers of all three products have since released patches for these vulnerabilities after ESET contacted them.
Bring Your Own Vulnerable Driver
A common technique cybercriminals and threat actors use to run malicious code in the Windows kernel is known as Bring Your Own Vulnerable Driver (BYOVD). Peter Kálnai, senior malware researcher at ESET, provided further details on the technique in a press release, saying:
“When malware actors need to run malicious code in the Windows kernel on x64 systems with driver signature enforcement in place, carrying a vulnerable signed kernel driver seems to be a viable option for doing so. This technique is known as Bring Your Own Vulnerable Driver, abbreviated as BYOVD, and has been observed being used in the wild by both high-profile APT actors and in commodity malware.”
Examples of BYOVD in the wild include the Slingshot APT group, which implemented its main module, Cahnadr, as a kernel-mode driver loaded by way of vulnerable signed kernel drivers, and the InvisiMole APT group, which ESET researchers discovered in 2018. The RobbinHood ransomware is another example: it leverages a vulnerable GIGABYTE motherboard driver to disable driver signature enforcement and then install its own malicious driver.
In a lengthy blog post accompanying the press release, ESET explained that virtualization-based security (which lets Hypervisor-Protected Code Integrity keep unsigned or blocklisted code out of the kernel), certificate revocation and driver blocklisting are all useful mitigations against signed kernel drivers being hijacked by malicious actors. None of them is a complete fix on its own: a blocklist only covers drivers already known to be vulnerable, and Microsoft’s vulnerable driver blocklist is only enforced when HVCI is running or the blocklist is switched on explicitly, so it is worth checking that state rather than assuming it.
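As an added example, not part of the ESET report or this article, the PowerShell script below audits a Windows 10/11 host for the mitigations named above and lists the kernel drivers currently running together with their Authenticode signers. It relies on Microsoft’s documented Win32_DeviceGuard WMI class and the VulnerableDriverBlocklistEnable registry value; the function names, the path-normalisation rules and the signer-based triage are my own assumptions, not anything ESET or Microsoft publish. Drivers signed only through a catalog file have no embedded signature, so the signer column is a hint for triage, not a verdict.

```powershell
# Added example (not from ESET or the original article): audit a Windows host for the
# BYOVD mitigations discussed above and list running kernel drivers with their signers.

function Get-ByovdMitigationStatus {
    # Win32_DeviceGuard (documented by Microsoft) reports VBS/HVCI state.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (Memory Integrity).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Microsoft's vulnerable driver blocklist is switched on by this documented DWORD (1 = on).
    # It is only enforced when HVCI is running or the value is set explicitly.
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
                           -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning               = (@($dg.SecurityServicesRunning) -contains 2)
        VulnerableDriverBlocklist = ($ci.VulnerableDriverBlocklistEnable -eq 1)
    }
}

function Resolve-DriverPath {
    # Assumption: Win32_SystemDriver.PathName arrives in one of the forms seen in practice:
    # 'C:\...\x.sys', '\??\C:\...\x.sys', '\SystemRoot\System32\drivers\x.sys',
    # or 'System32\drivers\x.sys' (relative to the Windows directory).
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-RunningDriverSigner {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

            # Get-AuthenticodeSignature only sees embedded signatures; a driver signed via a
            # catalog (.cat) file reports NotSigned here even though Code Integrity trusts it.
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<no embedded signature>' }

            # Rough triage by signer subject (assumption: these strings identify the signing path).
            # The trailing comma matters: the WHQL publisher subject also starts with 'CN=Microsoft Windows'.
            $origin = switch -Regex ($signer) {
                '^CN=Microsoft Windows,'           { 'in-box Windows driver'; break }
                'Hardware Compatibility Publisher' { 'third-party, WHQL/attestation signed'; break }
                '^<no embedded signature>'         { 'catalog-signed or unsigned: check manually'; break }
                default                            { 'third-party, vendor-signed (cross-signed)' }
            }

            [pscustomobject]@{
                Name      = $_.Name
                Path      = $path
                SigStatus = $sig.Status   # Valid / NotSigned / NotTrusted / HashMismatch ...
                Signer    = $signer
                Origin    = $origin
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
}

# Usage: print mitigation state, then every running driver that is not an in-box Windows driver.
Get-ByovdMitigationStatus | Format-List
Get-RunningDriverSigner |
    Where-Object { $_.Origin -ne 'in-box Windows driver' } |
    Sort-Object Origin, Signer |
    Format-Table Name, Origin, SigStatus, Signer -AutoSize
```

The SHA256 column is what you would compare against a vendor advisory or a vulnerable-driver hash list; a vendor-signed third-party driver with a valid signature is exactly the case BYOVD relies on, so a clean SigStatus is not by itself reassuring.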