Ransomware Actor Exploits Genshin Impact's Kernel Level Anti-Cheat Driver And Literally Bypasses Antivirus Protection

PC security is taking quite the tumble.

By Anthony Jones, News Editor August 27, 2022

On Wednesday, an investigation into the exploitation of the anti-cheat driver for Genshin Impact came to a head, revealing that a ransomware actor has found a way to kill antivirus protection. Making matters worse, Genshin Impact doesn't even have to be installed for the exploit to work.

Authors Ryan Soliven and Hitomi Kimura headed the investigation and published their findings on Trend Micro. They explained how the legitimate driver mhyprot2.sys, the anti-cheat software for Genshin Impact, was used to bypass antivirus protection.

In the past, developer HoYoverse has faced scrutiny for the software because it ran continually at the kernel level. This means it ran even after the game was closed and operated at the very core of the PC's operating system, with the highest level of control over the machine. Now, with word of the anti-cheat software being abused, it's clear how bad this looks, and Genshin Impact isn't alone in using kernel-level anti-cheat. Remember the backlash against Valorant's?

"Genshin Impact does not need to be installed on a victim's device for this to work," Soliven and Kimura stated. They go on to say the module to bypass antivirus is "very easy to obtain and will be available to everyone until it is erased from existence." Both authors expressed how malicious the exploit could become and noted, "certificate revocation and antivirus detection might help to discourage the abuse, but there are no solutions at this time because it is a legitimate module."

You can read their full report on Trend Micro to learn more!


Discussion (1)

viper 3 months ago
This is exactly why everyone was warned about kernel-level anti-cheat. A singleplayer/coop game doesn't need anti-cheat anyway.

