Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Leftover Lunch: Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
Spicy Hot Pot Comparing
Word Count
4,626
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

The blog post discusses the discovery and analysis of a persistent browser hijacking rootkit called "Spicy Hot Pot," which primarily targets Chinese users by altering user homepages and evading detection through kernel-mode drivers. These drivers stealthily intercept security software callbacks and enable the malware to update itself, making it difficult to remove with conventional methods. CrowdStrike Falcon's detection and response capabilities were employed to identify the infection, revealing that the rootkit was distributed through tools used to illegitimately activate Microsoft products. The post details the technical aspects of the rootkit's operation, its distribution methods, and suggests remediation strategies, emphasizing the importance of monitoring unknown executables and loaded drivers to prevent such threats.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Real-time 7 1,659 640 46 +203%
AI Agents 1 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.