Ransomware abuses Genshin Impact’s kernel-mode anti-cheat to bypass virus protection

Skeptics and security advocates have warned for some time that kernel-mode anti-cheat drivers could be turned against the very PCs they run on, with serious consequences for system security. Now it appears to have happened: the anti-cheat driver shipped with Genshin Impact, the popular free-to-play RPG, has been abused by a ransomware actor to terminate antivirus processes so that its ransomware could be deployed at scale without interference.

A white paper published by Trend Micro on August 24 explains how the perfectly legitimate, properly signed mhyprot2.sys driver was used, with no other component of Genshin Impact present on the machine, to obtain kernel-level privileges on a system.
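Because the driver is legitimate and carries a valid signature, a signature check will not catch this kind of abuse; the useful signal is the driver appearing where the game was never installed. The following detection sketch is an added example, not code from the article or from Trend Micro's paper. It runs over a constructed, simplified driver-load log (a hypothetical one-event-per-line format, not real Sysmon output) and flags any load of mhyprot2.sys from outside an assumed allow-list of the game's install directories; the allow-list path and the log format are both assumptions.

```python
import ntpath

TARGET_DRIVER = "mhyprot2.sys"

# Hypothetical allow-list of directories where the game's installer legitimately
# places the driver; adjust to your estate. Any other location is worth a look.
ALLOWED_DIRS = (
    r"C:\Program Files\Genshin Impact\Genshin Impact Game",
)

# Constructed sample events, one per line: timestamp|host|driver image path|signature status
# (simplified hypothetical format; every signature is "Valid" because the driver really is signed).
SAMPLE_LOG = """\
2022-08-20T10:01:02Z|ws-042|C:\\Program Files\\Genshin Impact\\Genshin Impact Game\\mhyprot2.sys|Valid
2022-08-20T10:05:17Z|ws-042|C:\\Windows\\System32\\drivers\\ndis.sys|Valid
2022-08-21T03:14:55Z|srv-db01|C:\\Users\\Public\\mhyprot2.sys|Valid
2022-08-21T03:15:10Z|srv-db01|C:\\Temp\\MHYPROT2.SYS|Valid
malformed line without separators
"""


def parse_events(text):
    """Yield (timestamp, host, path, sig_status) tuples; skip lines that do not parse."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4 or not parts[2]:
            continue
        yield tuple(parts)


def _under_allowed_dir(path, allowed_dirs):
    """Case-insensitive Windows-path prefix check (ntpath works on any host OS)."""
    norm = ntpath.normcase(ntpath.normpath(path))
    for d in allowed_dirs:
        base = ntpath.normcase(ntpath.normpath(d)) + ntpath.sep
        if norm.startswith(base):
            return True
    return False


def find_suspicious_loads(text, allowed_dirs=ALLOWED_DIRS):
    """Return driver loads of the anti-cheat driver from outside the allowed directories.

    The signature status is carried through deliberately: it is "Valid" on the
    suspicious rows too, which is exactly why location, not signing, is the signal.
    """
    hits = []
    for ts, host, path, sig in parse_events(text):
        if ntpath.normcase(ntpath.basename(path)) != TARGET_DRIVER:
            continue
        if _under_allowed_dir(path, allowed_dirs):
            continue
        hits.append({
            "timestamp": ts,
            "host": host,
            "path": path,
            "signature": sig,
            "reason": "anti-cheat driver loaded outside the game install directory",
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_loads(SAMPLE_LOG):
        print(f'{hit["timestamp"]} {hit["host"]} {hit["path"]} (sig={hit["signature"]}): {hit["reason"]}')
```

The location heuristic is only a first filter: an actor who drops the driver into the expected directory, or who lands on a machine that genuinely has the game installed, will pass it. In practice you would pair it with the context the article implies, namely whether the game or its installer was actually running, and which process created the driver's service.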
