Researchers at security firm Trend Micro report that Genshin Impact’s anti-cheat driver, mhyprot2.sys, was exploited by ransomware to kill antivirus software’s processes and services. As a device driver, mhyprot2.sys is installed separately from the game “Yuanshen”. Uninstalling “Yuanshen” will not uninstall mhyprot2.sys. As early as September 2020, when Mihayou released “Yuanshen”, the game community began to discuss mhyprot2.sys with spyware capabilities. It was quickly discovered that a vulnerability could be exploited to kill the process. Developers Kagurazakasanae/kagurazakasanae and Kento Oki respectively released PoCs demonstrating the ability to kill processes. Kento Oki reported the vulnerability to Mihayou, but the company neither acknowledged nor fixed it. The mhyprot2.sys exploited by the ransomware was built in August 2020, and its signature is still valid today without revocation.
This article is reprinted from: https://www.solidot.org/story?sid=72579
This site is for inclusion only, and the copyright belongs to the original author.