Ransomware Actor Exploits Genshin Impact's Kernel Level Anti-Cheat Driver And Literally Bypasses Antivirus Protection
PC security is taking quite the tumble.
On Wednesday, an investigation into the exploitation of the anti-cheat driver for Genshin Impact came to a head, revealing a ransomware actor has found a way to kill antivirus protection. Making matters worse, Genshin Impact doesn't even have to be installed for the exploit to work.
Authors Ryan Soliven and Hitomi Kimura headed the investigation and published their findings on Trend Micro's blog. They explained how the legitimate driver mhyprot2.sys, the anti-cheat software for Genshin Impact, was used to bypass antivirus protection.
In the past, developer HoYoverse has faced scrutiny for the software because it runs continuously at the kernel level. This means it kept running even after the game was closed, with the highest level of privilege the operating system grants. Now, with word of the anti-cheat software being abused, it's clear how bad this looks, and Genshin Impact isn't alone in using kernel-level anti-cheats...remember the backlash against Valorant's?
"Genshin Impact does not need to be installed on a victim's device for this to work," Soliven and Kimura stated. They go on to say the module used to bypass antivirus is "very easy to obtain and will be available to everyone until it is erased from existence." Both authors expressed how malicious the exploit could become and noted, "certificate revocation and antivirus detection might help to discourage the abuse, but there are no solutions at this time because it is a legitimate module."
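Because the driver is validly signed, a signature check alone will not catch it; what a defender can do today is watch driver-load telemetry for that specific file name. The following is an added example written for this article, not code from Trend Micro, HoYoverse, or the researchers. It assumes driver-load events (such as Sysmon Event ID 6, "Driver loaded") have already been exported as Python dicts with `event_id`, `host`, `time`, `image` and `signature_status` keys; those field names, the sample records and the "user-writable location" priority heuristic are all constructed for the example.

```python
"""Flag loads of the abused mhyprot2.sys driver in driver-load telemetry.

Added example for this article, not code from Trend Micro or HoYoverse.
Assumes driver-load events (e.g. Sysmon Event ID 6) already converted to
dicts; the field names and sample records below are constructed.
"""
from pathlib import PureWindowsPath

# Driver file name named in the Trend Micro report. Extend from your own
# threat intelligence; no other names are assumed here.
ABUSED_DRIVERS = {"mhyprot2.sys"}

# Constructed heuristic: the article notes the game need not be installed,
# so a load from a user-writable location ranks higher than one from a
# regular install directory.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\temp\\", "c:\\windows\\temp\\")


def driver_name(image_path: str) -> str:
    """Return the lower-cased file name component of a Windows path."""
    return PureWindowsPath(image_path).name.lower()


def is_abused_driver(image_path: str) -> bool:
    """True if the loaded image is one of the known-abused driver names."""
    return driver_name(image_path) in ABUSED_DRIVERS


def load_priority(image_path: str) -> str:
    """'high' for loads from user-writable locations, otherwise 'medium'."""
    return "high" if image_path.lower().startswith(USER_WRITABLE_PREFIXES) else "medium"


def find_abused_driver_loads(events):
    """Return one finding per driver-load event that matches ABUSED_DRIVERS.

    The signature status is recorded but deliberately not used as a filter:
    the abused driver carries a valid signature, which is the whole problem.
    """
    findings = []
    for ev in events:
        if ev.get("event_id") != 6:          # only 'Driver loaded' events
            continue
        image = ev.get("image", "")
        if not is_abused_driver(image):
            continue
        findings.append({
            "host": ev.get("host"),
            "time": ev.get("time"),
            "image": image,
            "validly_signed": ev.get("signature_status") == "Valid",
            "priority": load_priority(image),
        })
    return findings


# Constructed sample telemetry (hosts, times and paths are made up).
SAMPLE_EVENTS = [
    {"event_id": 6, "host": "ws01", "time": "2022-08-24T09:12:01Z",
     "image": "C:\\Program Files\\ExampleGame\\mhyprot2.sys",
     "signature_status": "Valid"},
    {"event_id": 6, "host": "ws02", "time": "2022-08-24T09:15:44Z",
     "image": "C:\\Users\\Public\\mhyprot2.Sys",
     "signature_status": "Valid"},
    {"event_id": 6, "host": "ws02", "time": "2022-08-24T09:16:10Z",
     "image": "C:\\Windows\\System32\\drivers\\ntfs.sys",
     "signature_status": "Valid"},
    {"event_id": 1, "host": "ws03", "time": "2022-08-24T09:20:00Z",
     "image": "C:\\Users\\Public\\mhyprot2.sys",   # process event, ignored
     "signature_status": "Valid"},
]

if __name__ == "__main__":
    for finding in find_abused_driver_loads(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed sample, the two Event ID 6 loads of mhyprot2.sys are reported (the one from `C:\Users\Public` as high priority) while the unrelated driver and the non-driver event are ignored. The match is on file name only; an attacker can rename the file, so pair this with the certificate revocation and vendor detections the researchers mention rather than relying on it alone.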
You can read their full report on Trend Micro's blog.
About the Author
Anthony Jones is a gaming journalist and late 90s kid in love with retro games and the evolution of modern gaming. He started at Mega Visions as a news reporter covering the latest announcements, rumors, and fan-made projects. FFXIV has his heart in the MMORPGs scene, but he's always excited to analyze and lose hours to ambitious and ambiguous MMOs that gamers follow.