A new password-and-data-stealing operation based around a rootkit driver digitally signed with a possibly stolen certificate recently. Operators of this rootkit-enabled spyware are continuously testing new components on already-infected users and regularly making minor improvement to old components. After initially targeting China, this group is now targeting victims worldwide.
The operation is capable of the following:
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)