100 malicious drivers signed by Microsoft detected
Sophos experts have discovered 100 malicious drivers signed by the Microsoft Windows Hardware Compatibility Publisher (WHCP). Most are so-called "EDR killers", specifically designed to attack and terminate various EDR/AV software on victims' systems. In total, Sophos X-Ops has detected 133 malicious drivers signed with legitimate digital certificates; 100 of them were signed by the WHCP. Drivers signed by the WHCP are inherently trusted by every Windows system, allowing attackers to install them without raising an alarm and then carry out malicious activities virtually unhindered…