HotPage: Story of a signed, vulnerable, ad-injecting driver

· Published 19/07/2024 15:37 · Modified 19/07/2024 16:03

Essential information

Published
19/07/2024 15:37
Modified
19/07/2024 16:03
Tags
2024-07-19 hotpage sys driver
Related entities
5 observables, 14 techniques (mitre), 1 malware

Description

This report investigates a sophisticated Chinese browser injector called , capable of injecting code into remote processes and intercepting network traffic to modify requested web pages, redirect users, or open new tabs based on rules. Despite claims of being a security solution, leverages vulnerabilities to perform malicious ad injection. The driver, signed by Microsoft, leaves systems open to privilege escalation attacks due to improper access controls. The analysis uncovers the malware's components, techniques, and the mysterious company behind it.

External references