Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021.

RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies.

Read more…
Source: Talos