
There is a Dangerous Ransomware that Hackers Hide in Genshin Impact

Antivirus company Trend Micro found that anti-cheat software from the popular game Genshin Impact is being used by hackers to spread ransomware. The ransomware abuses a file called 'mhyprot2.sys', the anti-cheat driver that ships with the MMORPG game made by HoYoverse.


According to Techspot, the weakness in this driver has actually been known since 2020. A developer on GitHub even published a proof of concept showing how someone could abuse the driver to kill system processes, including antivirus.




“This ransomware is the first example of our recorded malicious activity. The bad actors aim to spread the ransomware on the victim's device and spread the infection,” Trend Micro wrote.


When they investigated, they found that the hacker was using the code-signed driver mhyprot2.sys. Windows recognizes 'mhyprot2.sys' as a trusted driver, so Genshin Impact does not need to be installed for the vulnerable driver to work.


This is because malicious actors can use the driver independently and bundle 'mhyprot2.sys' with any malware. Trend Micro discovered this in July 2022, when a customer became a victim of ransomware even though the system had been protected with endpoint protection.


Hidden Ransomware in Genshin Impact


Trend Micro has also notified Genshin Impact studio MiHoYo about the vulnerability, so that the developers can anticipate hackers using the driver independently and bundling mhyprot2.sys with any malware.



The problem is that, since hackers can use the driver independently, any patch will only fix the copy installed with the game. Hackers will probably keep spreading old versions of the driver around their communities.


“Not all security products are deployed in the same way, and may have certificate checks at different stack levels or may not be checked at all,” says Trend Micro.


Trend Micro has also made specific improvements to its anti-virus software to address this. However, other anti-virus software may still be disabled by malware that abuses mhyprot2.sys, unless it is specifically configured to detect the driver.
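The two points above, that the driver is validly signed so Windows loads it wherever it sits, and that a security product only helps if it is configured to look for this driver, suggest a simple detection: alert when mhyprot2.sys (or a copy of the same binary under another name) is loaded from anywhere other than the game's install directory. The script below is an added example written for this article; it is not code from Trend Micro, HoYoverse or the article itself. It parses Sysmon Event ID 6 (DriverLoad) records in their text form (the field names ImageLoaded, Hashes, Signed, Signature and SignatureStatus are real Sysmon fields), but the log records, the SHA256 values, the signer name and the expected install path are all constructed placeholders that a defender would replace with values from a trusted source. It goes slightly beyond the article by also catching a renamed copy of the driver through its hash.

```python
"""Flag loads of the mhyprot2.sys anti-cheat driver from unexpected locations.

Added example for illustration; not part of the article or of any vendor's
tooling. Input is Sysmon Event ID 6 (DriverLoad) text, one 'Key: value' per
line, events separated by a blank line. All sample data below is constructed.
"""
import ntpath
import re
from typing import Dict, Iterator, List, Optional, Tuple

# ASSUMPTION: directory the game's own copy of the driver loads from on this
# host. Lower-case, because Windows paths are case-insensitive.
EXPECTED_DIRS = {r"c:\program files\genshin impact\genshin impact game"}

# File name of the driver named in the article.
DRIVER_NAMES = {"mhyprot2.sys"}

# PLACEHOLDER: SHA256 of known-vulnerable builds, taken from a trusted vendor
# or Microsoft driver blocklist. The article gives no hashes; this value is
# made up so that the sample log below is internally consistent.
KNOWN_BAD_SHA256 = {"1111111111111111111111111111111111111111111111111111111111111111"}

# Constructed sample: the game's own copy, a stray copy in a public folder,
# a renamed copy with the same hash, and an unrelated Microsoft driver.
SAMPLE_LOG = r"""
UtcTime: 2022-07-01 09:00:00.000
ImageLoaded: C:\Program Files\Genshin Impact\Genshin Impact game\mhyprot2.sys
Hashes: SHA256=1111111111111111111111111111111111111111111111111111111111111111
Signed: true
Signature: PLACEHOLDER-GAME-SIGNER
SignatureStatus: Valid

UtcTime: 2022-07-01 09:05:00.000
ImageLoaded: C:\Users\Public\mhyprot2.sys
Hashes: SHA256=1111111111111111111111111111111111111111111111111111111111111111
Signed: true
Signature: PLACEHOLDER-GAME-SIGNER
SignatureStatus: Valid

UtcTime: 2022-07-01 09:07:00.000
ImageLoaded: C:\Windows\Temp\svc\kprocdrv.sys
Hashes: SHA256=1111111111111111111111111111111111111111111111111111111111111111
Signed: true
Signature: PLACEHOLDER-GAME-SIGNER
SignatureStatus: Valid

UtcTime: 2022-07-01 09:10:00.000
ImageLoaded: C:\Windows\System32\drivers\tcpip.sys
Hashes: SHA256=2222222222222222222222222222222222222222222222222222222222222222
Signed: true
Signature: PLACEHOLDER-OS-SIGNER
SignatureStatus: Valid
"""


def parse_events(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per blank-line-separated 'Key: value' record."""
    for chunk in re.split(r"\n\s*\n", text.strip()):
        event: Dict[str, str] = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep:
                event[key.strip()] = value.strip()
        if event:
            yield event


def sha256_of(hashes_field: str) -> str:
    """Pull the SHA256 digest out of a Sysmon 'ALG=hex,ALG=hex' Hashes field."""
    for part in hashes_field.split(","):
        algo, _, digest = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return digest.strip().lower()
    return ""


def classify(event: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for loads of this driver, None for anything else.

    A valid signature is deliberately NOT treated as evidence of benign use:
    the article's point is that the driver is legitimately signed, so the
    file name, the hash and the load location are what matter.
    """
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    digest = sha256_of(event.get("Hashes", ""))
    if name not in DRIVER_NAMES and digest not in KNOWN_BAD_SHA256:
        return None
    if name in DRIVER_NAMES and directory in EXPECTED_DIRS:
        # The game's own copy is the same vulnerable binary; record it, but a
        # patch from the vendor only ever fixes this copy.
        return ("info", "game's own copy of the driver loaded from its install directory")
    if name not in DRIVER_NAMES:
        return ("high", f"renamed copy {name} matches known vulnerable driver hash")
    return ("high", f"{name} loaded from unexpected directory {directory}")


def scan(text: str) -> List[Tuple[str, str, str]]:
    """Run classify over every event and return (time, severity, reason) findings."""
    findings = []
    for event in parse_events(text):
        verdict = classify(event)
        if verdict is not None:
            findings.append((event.get("UtcTime", "?"), verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for when, severity, reason in scan(SAMPLE_LOG):
        print(f"{when} [{severity}] {reason}")
```

Run against the constructed log, the script reports the game's own copy as informational and the public-folder copy and the renamed copy as high severity, while ignoring the unrelated driver. On a real host the hash list would come from a vendor or Microsoft blocklist rather than a placeholder, and blocking (rather than only alerting on) the hash would also block the game's own copy, which is exactly the trade-off the article describes.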
