Microsoft tests drivers submitted for signing and, once they pass, signs them with a certificate that Windows trusts, so the driver installs by default without warnings. Somehow, a driver called Netfilter that redirects traffic to an IP address in China and installs a root certificate in the registry passed this review and was signed without being detected as malware.
Karsten Hahn, a malware analyst at G Data, found the malware and notified Microsoft, which says it "quickly added malware signatures to Windows Defender and is now conducting an internal investigation." Microsoft has also suspended the account that submitted the driver and is reviewing that account's previous submissions.
Microsoft's Security Response Center team described the actor's activity as "limited to the gaming industry specifically in China" and explained its purpose: "The goal of the actor is to use the driver to fake their geolocation to trick the system and play from anywhere. The malware allows them to gain an edge in games and possibly exploit other players by compromising their accounts using common tools like keyloggers."
How did this happen? For now, no one knows. Windows users are advised: "There is no action that customers should take other than following best practices and deploying antivirus software such as Windows Defender for Endpoint." One caveat for defenders: because the driver carries a valid Microsoft signature, a signature check alone will not flag it; detection depends on the antivirus signatures Microsoft has since added and on the driver's behaviour (traffic redirection, a new root certificate).
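For administrators who want to go beyond "deploy antivirus", the following PowerShell triage script is an added example; it is not from the article, from G Data or from Microsoft. It looks for the two behaviours the article attributes to the driver: a driver named like "netfilter" (on disk and as a registered service) and recently added machine root certificates. The name pattern, the driver directory, and the 30-day window are assumptions used for illustration, not indicators taken from the report.

```powershell
# Added triage example (not the article's or Microsoft's code).
# Assumptions: the driver file or service name contains "netfilter" and the
# driver lives in System32\drivers; a root CA added in the last 30 days is
# worth a look. Adjust the pattern and window for your environment.

$pattern   = '*netfilter*'
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$cutoff    = (Get-Date).AddDays(-30)

function Get-SuspectDriverFile {
    # Hash and signature of any driver file matching the pattern.
    # A WHCP-signed driver will report Status = Valid with a Microsoft signer,
    # so a "Valid" result is NOT evidence that the file is benign.
    Get-ChildItem -Path $driverDir -Filter $pattern -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File       = $_.FullName
                SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                SigStatus  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                Thumbprint = $sig.SignerCertificate.Thumbprint
            }
        }
}

function Get-SuspectDriverService {
    # Driver services are registered under CurrentControlSet\Services;
    # ImagePath shows where the loaded binary actually lives.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like $pattern } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $p.ImagePath
                Start     = $p.Start
                Type      = $p.Type
            }
        }
}

function Get-RecentRootCertificate {
    # The machine Root store is backed by the registry
    # (HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT); the Cert: drive
    # exposes the same entries. NotBefore is only a heuristic for "recently
    # added": a malicious CA could carry an old validity date.
    Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
        Where-Object { $_.NotBefore -gt $cutoff } |
        Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter
}

Write-Host "== Driver files matching $pattern =="
Get-SuspectDriverFile | Format-List

Write-Host "== Driver services matching $pattern =="
Get-SuspectDriverService | Format-Table -AutoSize

Write-Host "== Machine root certificates with NotBefore after $cutoff =="
Get-RecentRootCertificate | Format-Table -AutoSize
```

Run it from an elevated prompt so the service keys and driver directory are readable. Any hit in the first two sections should be compared against what the endpoint protection product reports, and any unexpected root certificate should be investigated and removed only after confirming it is not one your organization deployed.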