Driver containing rootkit-type malware is certified by Microsoft

Microsoft vets kernel drivers through its hardware compatibility signing process before attaching the Microsoft signature that lets them load on Windows by default. Somehow a driver called Netfilter, which redirects network traffic to IP addresses in China and installs a root certificate on the machine (written into the registry-backed certificate store), passed that process without being detected as malware.
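A quick triage script for a Windows host, added here as an example and not taken from the article, G Data or Microsoft. It assumes the malicious driver registers a kernel service whose name or image path contains "netfilter" (the article gives only the name "Netfilter"; no file hash, service name or certificate thumbprint is published on this page), and that the added root certificate lands in the machine Root store. The output is for manual review, not an automatic verdict.

```powershell
# Added triage script (not from the article, G Data or Microsoft).
# Assumptions, labelled here because the article does not state them:
#   - the driver's service name or image path contains "netfilter"
#   - the dropped root certificate is in Cert:\LocalMachine\Root
# Nothing here is a known-bad indicator; review the output by hand.

# 1. Kernel drivers whose service name or binary path mentions netfilter,
#    with their Authenticode signer.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -match 'netfilter' -or $_.PathName -match 'netfilter' }

$drivers | ForEach-Object {
    # Normalise the kernel-style path forms Win32_SystemDriver may return.
    $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    $sig  = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Service   = $_.Name
        State     = $_.State
        Path      = $path
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
    }
} | Format-List

# Caveat: this driver carried a valid Microsoft signature, so
# SigStatus = Valid with a Microsoft signer is NOT evidence that it is benign.

# 2. Root certificates in the machine Root store, newest first. Manually
#    installed roots land here; roots delivered by Windows Update's trusted
#    root program normally go to Cert:\LocalMachine\AuthRoot instead.
#    Excluding Microsoft-subject roots is a crude filter to shorten the list.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -notmatch 'Microsoft' } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 20 Thumbprint, NotBefore, Subject, Issuer |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session; reading the machine Root store and signatures of files under System32\drivers works unprivileged on most builds, but enumerating every driver's binary does not always. Any root certificate you did not install and cannot trace to Windows Update or enterprise PKI deserves a closer look regardless of whether a netfilter driver is present.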

Karsten Hahn, a malware analyst at G Data, discovered the malicious driver and notified Microsoft. Microsoft has since suspended the account that submitted the driver and is reviewing that account's past submissions.

Microsoft's Security Response Center team described the malware's activity as "specifically limited to the Chinese gaming sector" and described its purpose as follows: "This malware allows them to gain an advantage in the game and also exploit other players by compromising their accounts using common tools such as keyloggers."

How did this happen? Microsoft has not explained how the driver got through its signing process. As for Windows users, they are advised that there is "no other course of action for customers to take other than to follow security best practices and install anti-virus software such as Windows Defender for Endpoint."
