[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuqzMEcuKsIU3et7EsOo8-oldjVgUD3K15Z7uk-zDL8I":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":30},"9ac02120-8c76-41c2-9e88-395c19d9ffc8","We identified a WHQL-signed kernel driver keylogger, likely deployed as an anti-cheat BYOVD\n\nSHA2...","we-identified-a-whql-signed-kernel-driver-keylogger-likely-deployed-as-an-anti-c-018a0a","We identified a WHQL-signed kernel driver keylogger, likely deployed as an anti-cheat BYOVD\n\nSHA256\nbb1b4e46f1e4a7f17b1b04ee08c33400b2b6fd2327612a4d84da81e2656ba48b\nSignatureSpcSpOpusInfo=Xryus Technologies.\n\nStealth\n- APIs resolution by hashing\n- XOR-obfuscated strings\n- https:\u002F\u002Ft.co\u002F6wHNVijpMd","Security researchers identified a Windows Hardware Quality Labs (WHQL)-signed kernel driver that functions as a keylogger, apparently leveraged through a Bring Your Own Vulnerable Driver (BYOVD) technique for anti-cheat purposes. The malware, signed by Xryus Technologies, employs stealth techniques including API hashing and XOR string obfuscation. 
This represents a privilege escalation risk that abuses legitimate driver-signing mechanisms: a valid WHQL signature lets the driver pass Windows driver-signature enforcement and load into the kernel, so signature validity alone should not be treated as proof that a driver is benign.","WHQL-signed kernel driver keylogger discovered, likely deployed via BYOVD anti-cheat abuse.",null,"https:\u002F\u002Fx.com\u002Fnextronresearch\u002Fstatus\u002F2060014483242651694","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJajs5FXMAA3Pez.png","2026-05-28T15:05:00+00:00","2026-05-28T16:00:14.420035+00:00",9,[18,21,24],{"name":19,"type":20},"Xryus Technologies","vendor",{"name":22,"type":23},"BYOVD (Bring Your Own Vulnerable Driver)","technology",{"name":25,"type":23},"WHQL (Windows Hardware Quality Labs)","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":26,"icon":11,"name":28,"slug":29},"Malware","malware",[31,36,38],{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":37},{"id":26,"icon":11,"name":28,"slug":29},{"category":39},{"id":40,"icon":11,"name":41,"slug":42},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[44,48],{"type":45,"value":46,"context":47},"hash_sha256","bb1b4e46f1e4a7f17b1b04ee08c33400b2b6fd2327612a4d84da81e2656ba48b","WHQL-signed kernel driver keylogger with Xryus Technologies signature",{"type":29,"value":49,"context":50},"WHQL-signed kernel keylogger","Stealth driver with API hashing and XOR obfuscation, BYOVD deployment vector"]