It abuses features of a legitimate and open-source
2 signed driver named dbk64.sys which is shipped along with Cheat Engine, an application created to bypass video game protections and introduce cheats into them. This driver provides capability to write and execute code in kernel space by design, thus allowing it to run arbitrary code in kernel mode.
With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the threat GhostEmperor.
securelist.com