A ransomware operator has abused a component of the popular free-to-play game Genshin Impact to kill antivirus processes and push its malware, undisturbed, to a large number of target machines.
The abuse targets the game's anti-cheat kernel-mode driver (a system designed to stop dishonest players from using cheats to gain an in-game advantage), as Trend Micro explains in a recent whitepaper.
The driver in question is mhyprot2.sys, and it gives whoever loads it kernel-level (SYSTEM-equivalent) access to the machine. The peculiar aspect is that the game does not have to be installed on the PC for the attack to work: the driver is a legitimately code-signed file, so Windows will load it on any machine and the attacker simply brings a copy along. The driver does not grant initial access by itself; loading it requires administrator privileges, which the operator must already hold. Once loaded, it is used to terminate security products that an administrator could not otherwise stop.
Obtaining the module is easy, and because its code signature is still valid, any copy in circulation remains usable. Genshin Impact's anti-cheat had already drawn scrutiny in the past, since it kept running at kernel level even after the game was closed; the developer later changed that behaviour.
Although kernel-level anti-cheat systems are very effective, they leave the door open to abuse of this type should vulnerabilities be found, with potentially disastrous consequences given the level of access attackers can gain. The practical lesson for defenders is that a signed, vulnerable driver is a portable tool: the presence of mhyprot2.sys on a host that has never run the game is itself a strong indicator.
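As an added example (not from the article or from Trend Micro's report), the following PowerShell hunt flags a Windows host on which the mhyprot2 driver or its service is present although Genshin Impact is not installed. It assumes the driver keeps its original file and service name, mhyprot2, and that the game registers an uninstall entry whose DisplayName contains "Genshin"; both are assumptions, and an attacker can rename the file, so the SHA-256 it prints should also be compared against known hashes of the driver rather than relying on the name alone.

```powershell
# Added hunting script, not from the article or Trend Micro's report.
# Looks for the mhyprot2 anti-cheat driver on a Windows host and warns when
# it is present without the game, the footprint a BYOVD attacker leaves behind.
# Assumptions: the driver file/service keep the name "mhyprot2" (attackers can
# rename the file, so compare the printed SHA-256 against known hashes too), and
# the game registers an uninstall entry whose DisplayName contains "Genshin".
function Find-Mhyprot2Staging {
    $findings = @()

    # 1. Kernel driver services, running or stopped, that point at mhyprot2.
    #    A stopped service still shows the attacker created it.
    $drivers = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.Name -match 'mhyprot' -or $_.PathName -match 'mhyprot' }
    foreach ($d in $drivers) {
        $findings += [pscustomobject]@{
            Kind   = 'Service'
            Name   = $d.Name
            State  = $d.State
            Path   = $d.PathName
            Sha256 = $null
            Signer = $null
        }
    }

    # 2. Copies of the driver file anywhere on the system drive. Run elevated so
    #    protected directories are not skipped; this walk is slow on large disks.
    $files = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'mhyprot2*.sys' `
        -Recurse -File -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $findings += [pscustomobject]@{
            Kind   = 'File'
            Name   = $f.Name
            State  = $sig.Status            # Valid means the signature still checks out
            Path   = $f.FullName
            Sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Signer = $sig.SignerCertificate.Subject
        }
    }

    # 3. Is Genshin Impact actually installed? Check both uninstall hives.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    $gameInstalled = [bool](Get-ChildItem -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Get-ItemProperty |
        Where-Object { $_.DisplayName -match 'Genshin' })

    if ($findings.Count -gt 0 -and -not $gameInstalled) {
        Write-Warning 'mhyprot2 present but Genshin Impact is not installed: treat as possible BYOVD staging and check which account created the service.'
    }
    return $findings
}

Find-Mhyprot2Staging | Format-Table -AutoSize
```

Run it from an elevated session. Win32_SystemDriver lists kernel driver services whether or not they are currently loaded, which catches the common case where the operator registered the driver as a service, used it, and stopped it; the file walk then recovers the dropped copy and its signer so you can confirm it is the game vendor's signed driver rather than an unrelated file with the same name.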