Genshin Impact anti-cheat software under fire after hackers allegedly exploited it to disable antivirus


Anti-cheat software is often needed to curb cheaters, but in a game like Genshin Impact it can itself be turned against the player. Because the anti-cheat runs as a kernel-mode driver, anyone who can load it gets kernel-level access, and attackers have been using that access for no good purpose.

Most of the problem is related to a driver called mhyprot2.sys, which is used for Genshin Impact’s anti-cheat.

Several tech-focused websites have reported a ransomware attack in which this driver was used to gain privileges the attacker’s own code did not have. Worse still, the game does not need to be installed for this to work: the attacker brings the driver along. In the reported case, it was used to kill the victim’s antivirus before the ransomware was installed.

Information about questionable Genshin Impact anti-cheat software and how hackers can use it

Trend Micro published the report on these findings. Here is a crucial passage from it for readers to understand:

“Analyzing the sequence, we discovered that a code-signed driver called ‘mhyprot2.sys’, which provides the anti-cheat functions for Genshin Impact as a device driver, was abused to circumvent privileges. As a result, kernel mode commands killed endpoint protection processes.”

mhyprot2.sys exists to stop players from cheating in this game, but the same kernel-level powers can be used for nefarious purposes. The report also states that the driver can be integrated into any malware, not just the ransomware it was found with, which makes it much more dangerous than gamers realize.

A visualization (Image via Trend Micro)

The whole report is very technical and interesting to read, but some players might not follow all of it. Here is a very brief summary: mhyprot2.sys is a signed kernel driver that accepts commands from ordinary programs and carries them out with kernel privileges, including terminating processes. Windows loads it because it is signed, and the driver does not check who is asking, so a program that loads it can kill protected processes such as antivirus that it could never touch on its own.

This does not mean that there will be a massive hack taking over the data of millions of gamers. This report is not a doomsday scenario. Instead, it documents a real ransomware incident in which the attacker used Genshin Impact’s anti-cheat driver to disable endpoint protection.

The report describes how the driver was combined with other files to “mass deploy ransomware” across a network.


Files used in the attack, as described in the report:

  • connection.bat: Batch script that launches HelpPane.exe to kill the victim’s antivirus, then runs svchost.exe
  • HelpPane.exe: Installs and loads mhyprot2.sys (taken from Genshin Impact’s anti-cheat) and uses it to terminate antivirus processes
  • svchost.exe: The ransomware itself

Note that HelpPane.exe and svchost.exe are not the legitimate Windows programs of those names; the attacker named the malicious files after them to blend in.

Obtaining mhyprot2.sys is extremely easy, given that the game it ships with is one of the most popular in the world. The report recommends that users and administrators monitor their machines for the driver being installed or loaded, and that antivirus vendors detect the driver being dropped or loaded outside the game, before it is too late.

If the driver is only loaded from the game’s own folder while Genshin Impact is running, that is expected. The driver turning up on a machine that does not have the game installed, or being loaded from somewhere else such as a temp folder, is cause for concern.
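The monitoring advice above can be turned into a simple triage check. The following Python is an added example written for this article, not code from Trend Micro or HoYoverse. It parses the standard fields of Windows System-log event 7045 (“A service was installed in the system”), which Windows records whenever a driver or service is registered, and flags any registration of mhyprot2 on a host that does not have the game installed or where the driver’s image path is outside the expected install directory. The expected directory and the three log entries are constructed for the example and are assumptions, not data from the report.

```python
"""Triage Windows System-log 7045 events for suspicious mhyprot2.sys loads.

Added example: constructed sample log, hypothetical expected install path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Name of the Genshin Impact anti-cheat driver discussed in the article.
DRIVER_NAME = "mhyprot2"

# Assumed baseline (hypothetical): where a legitimate install keeps the driver.
# Lower-case, without the "\??\" prefix; adjust to the real install location.
EXPECTED_DIRS = (r"c:\program files\genshin impact\genshin impact game",)

# Standard message fields of event 7045, one block per registered service.
EVENT_RE = re.compile(
    r"Service Name:\s*(?P<name>.*?)\s*\n"
    r"Service File Name:\s*(?P<path>.*?)\s*\n"
    r"Service Type:\s*(?P<kind>.*?)\s*\n",
    re.IGNORECASE,
)

# Constructed sample of an exported System log: a legitimate load from the
# game folder, the same driver loaded from a user temp folder, and a service
# that has nothing to do with the driver.
SAMPLE_LOG = r"""Service Name: mhyprot2
Service File Name: \??\C:\Program Files\Genshin Impact\Genshin Impact game\mhyprot2.Sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:

Service Name: mhyprot2
Service File Name: \??\C:\Users\victim\AppData\Local\Temp\mhyprot2.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:

Service Name: BackupSvc
Service File Name: C:\Windows\System32\svchost.exe -k netsvcs
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem
"""


@dataclass
class Alert:
    service: str
    image_path: str
    reasons: list[str] = field(default_factory=list)


def normalize_path(path: str) -> str:
    """Lower-case the path and strip the NT-style \\??\\ prefix the SCM records."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def parse_7045(log_text: str) -> list[dict]:
    """Return one dict (name, path, kind) per 7045 event in the exported text."""
    return [m.groupdict() for m in EVENT_RE.finditer(log_text)]


def triage(events: list[dict], game_installed: bool) -> list[Alert]:
    """Flag mhyprot2 registrations that do not match a legitimate game install."""
    alerts: list[Alert] = []
    for ev in events:
        name = ev["name"].strip().lower()
        path = normalize_path(ev["path"])
        if DRIVER_NAME not in name and DRIVER_NAME not in path:
            continue  # unrelated service, ignore
        reasons = []
        if not game_installed:
            reasons.append("driver registered on a host without Genshin Impact")
        if not any(path.startswith(d) for d in EXPECTED_DIRS):
            reasons.append(f"image path outside expected install dir: {path}")
        if reasons:
            alerts.append(Alert(name, path, reasons))
    return alerts


if __name__ == "__main__":
    for alert in triage(parse_7045(SAMPLE_LOG), game_installed=True):
        print(alert.service, alert.image_path)
        for reason in alert.reasons:
            print("  -", reason)
```

Run against the constructed log with `game_installed=True`, only the load from the temp folder is reported; with `game_installed=False`, both mhyprot2 registrations are reported, since the driver should not be present at all. The check is deliberately path- and presence-based: the driver file is legitimately signed, so a signature check alone tells you nothing about whether the load is malicious.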

HoYoverse Comment

Not much has changed in about a month (Image via HoYoverse)

HoYoverse commented on this issue in late August 2022, stating:

“We are currently working on this case and will find a solution as soon as possible to protect player safety and stop potential abuse of the anti-cheat feature. We will update you as soon as we have further progress.”

There hasn’t been much news since then. HoYoverse cannot recall the copies of the driver already in attackers’ hands, and as long as that version remains signed and loadable, it can keep being abused, so it will be interesting to see how they try to prevent this issue from happening in the future.

Edited by Sijo Samuel Paul


By Peter Kavinsky

Peter Kavinsky is the Executive Editor at