Genshin Impact Anti-Cheat = open door for ransomware


#1 Wythir
Member since 2022 • 4 Posts

For you GI guys: the anti-cheat software seems to open a door for ransomware hackers. The issue is said to have been known for two years already. People cry about that, but since there was no big media buzz about thousands of computers being hacked, it seemed not to be a serious issue.

Anyway, I want you guys to know...

During the last week of July 2022, a ransomware infection was triggered in a user environment that had endpoint protection properly configured. Analyzing the sequence, we found that a code-signed driver called “mhyprot2.sys”, which provides the anti-cheat functions for Genshin Impact as a device driver, was being abused to bypass privileges. As a result, commands from kernel mode killed the endpoint protection processes.

As of this writing, the code signing for mhyprot2.sys is still valid. Genshin Impact does not need to be installed on a victim’s device for this to work; the use of this driver is independent of the game.

- trendmicro.com blog, 24th August
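An added detection example (not from the forum post or the Trend Micro write-up) for the abuse the quoted passage describes: the signed mhyprot2.sys driver loaded on a machine where it does not belong, followed by endpoint protection processes dying. It assumes Sysmon-style records (Event ID 6 driver loaded, Event ID 5 process terminated), a "genshin impact" path fragment as the hint for a legitimate game install, and MsMpEng.exe as the protected process; the event records are constructed samples.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

DRIVER = "mhyprot2.sys"
# Assumption: the driver is legitimate only under a real game install directory.
LEGIT_DIR_HINT = "genshin impact"
# Assumption: protection processes to watch (Defender's service as the example).
PROTECTED_PROCS = {"msmpeng.exe"}
WINDOW = timedelta(seconds=60)  # how soon after a driver load a kill is suspicious

# Constructed sample records shaped like Sysmon Event ID 6 (driver loaded)
# and Event ID 5 (process terminated); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "time": "2022-07-28T10:00:00", "id": 6,
     "image": r"C:\Program Files\Genshin Impact\mhyprot2.sys"},
    {"host": "ws02", "time": "2022-07-28T11:00:00", "id": 6,
     "image": r"C:\Users\Public\tmp\mhyprot2.sys"},
    {"host": "ws02", "time": "2022-07-28T11:00:20", "id": 5,
     "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\MsMpEng.exe"},
    {"host": "ws03", "time": "2022-07-28T12:00:00", "id": 5,
     "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\MsMpEng.exe"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_abuse(events):
    """Return (host, reason) findings: mhyprot2.sys loaded from an unexpected
    path, and protected processes ending shortly after any mhyprot2.sys load."""
    findings = []
    loads = {}  # host -> timestamps of mhyprot2.sys loads seen so far
    for e in sorted(events, key=_ts):
        path = PureWindowsPath(e["image"])
        name = path.name.lower()
        if e["id"] == 6 and name == DRIVER:
            loads.setdefault(e["host"], []).append(_ts(e))
            if LEGIT_DIR_HINT not in str(path.parent).lower():
                findings.append((e["host"], f"{DRIVER} loaded from {path.parent}"))
        elif e["id"] == 5 and name in PROTECTED_PROCS:
            recent = [t for t in loads.get(e["host"], []) if _ts(e) - t <= WINDOW]
            if recent:
                gap = int((_ts(e) - recent[-1]).total_seconds())
                findings.append((e["host"], f"{path.name} terminated {gap}s after {DRIVER} load"))
    return findings


if __name__ == "__main__":
    for host, reason in find_abuse(SAMPLE_EVENTS):
        print(host, reason)
```

The path hint only approximates "game not installed"; an inventory check or a block on the driver's known hashes from the vendor advisory is the stronger control.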