
Hackers abuse Genshin Impact anti-cheat system to disable antivirus
2022-08-25 20:05

Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks.

The driver/module, "Mhypro2.sys," does not require the game to be installed on the target system; it can operate independently or be embedded in malware, giving threat actors a powerful vulnerability with which to disable security software.

In a new report, Trend Micro researchers say they have seen evidence of threat actors abusing this driver since late July 2022, with ransomware actors using it to disable otherwise properly configured endpoint protection solutions.

Exe, kills antivirus and other services, and executes svchost.

Exe - The ransomware payload. Trend Micro comments that the threat actors tried and failed thrice to encrypt the files on the attacked workstation, but the antivirus services were successfully disabled.

Finally, the threat actor loaded the driver, the ransomware, and the 'kill svc.


News URL

https://www.bleepingcomputer.com/news/security/hackers-abuse-genshin-impact-anti-cheat-system-to-disable-antivirus/