Microsoft confirms Chinese malware within gaming environments

In a major technology breach, global tech giant Microsoft has confirmed signing a malicious driver being distributed within gaming environments. The US major has claimed that the malware driver, called ‘Netfilter’, is a rootkit that was detected communicating with Chinese command-and-control (C2) IPs.

According to G Data malware analyst Karsten Hahn, the top techies first took notice of this event last week and later they were joined in by the wider infosec community in tracing and analysing the malicious drivers bearing the seal of Microsoft.

Top analysts believe that the incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft’s code-signing process. Microsoft said it is actively investigating this incident, although thus far, there is no evidence that stolen code-signing certificates were used.

Advertisement

‹

EVENT

Saksham Bharat 2026

A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.

📅 Tue, 26 May 2026

📍 Mumbai, Bengaluru, Delhi

Register Now →

EVENT

VeeamON 2026 Tour India - Mumbai

A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.

📅 Tue, 26 May 2026

📍 Grand Hyatt, BKC

Register Now →

EVENT

Cyber Surakshit Uttar Pradesh

Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.

📅 Thu, 28 May 2026

📍 Lucknow

Register Now →

EVENT

VeeamON 2026 Tour India - Bengaluru

A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.

📅 Wed, 03 Jun 2026

📍 JW Marriott Hotel

Register Now →

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

The mishap seems to have resulted from the threat actor following Microsoft’s process to submit the malicious Netfilter drivers and managing to acquire the Microsoft-signed binary in a legitimate manner.

“Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments,” the company was quoted as saying by the website.

“We have suspended the account and reviewed their submissions for additional signs of malware,” Microsoft said.

According to Microsoft, the threat actor has mainly targeted the gaming sector specifically in China with these malicious drivers and there is no indication of enterprise environments having been affected so far.