Rootkit
NetfilterRootkit
NetfilterRootkit is a WFP application-layer enforcement callout driver that is signed by Microsoft via the Windows Hardware Compatibility program.
NetfilterRootkit is a Windows rootkit.
Background
NetfilterRootkit is a WFP application-layer enforcement callout driver that carries a Microsoft signature obtained through the Windows Hardware Compatibility program. Karsten Hahn first identified it, and his team passed the sample to Microsoft, prompting Microsoft's investigation.
Once Karsten Hahn posted tweets and an article on the rootkit, Microsoft promptly published its own writeup. Microsoft's analysis showed that Chinese gamers were the intended targets. The rootkit reroutes traffic to the attacker's IP, letting the operator falsify their geo-location to cheat while also enabling the takeover of targeted players' accounts.
Although this specific rootkit no longer matters much, comparable rootkits have appeared since, likewise signed by Microsoft under the Windows Hardware Compatibility program.
Source: Malpedia (Fraunhofer FKIE).