Hackers abuse Genshin Impact anti-cheat file to deploy ransomware: Researchers
Action role-playing game Genshin Impact has caught the attention of cybercriminals, who are abusing the game's anti-cheat driver to help deliver ransomware. Anti-cheat software is designed to prevent players of online games from gaining an unfair advantage over others; to do that it typically runs with kernel-level privileges, which is exactly what makes it attractive to an attacker.
Genshin Impact is an open-world action role-playing game set in the fantasy world of Teyvat. It is available on Android, iOS, PlayStation and Windows. Where most games rely on a third-party anti-cheat system such as EasyAntiCheat or BattlEye, Genshin Impact ships its own anti-cheat driver, mhyprot2.sys.
According to Trend Micro researchers, the attacks target Windows machines, whether or not the game is actually installed on them: the attacker simply brings a copy of the driver along. On Windows the anti-cheat component runs as a code-signed kernel-mode driver, and the functionality it exposes, including the ability to terminate arbitrary processes, can be reached from ordinary user-mode programs. Because the driver carries a valid signature, Windows loads it without complaint, so dropping the file on a machine gives the attacker kernel-level capabilities without having to exploit anything. Trend Micro observed a ransomware operator using it in exactly this way before encrypting the victim's files.
The infection chain Trend Micro described begins with a fake AVG antivirus installer, which is how the attacker gets a foothold. The installer drops several files, among them the mhyprot2.sys driver and the ransomware itself. The driver is then used to kill antivirus processes, including those of 360 Total Security, so that the ransomware can run without being detected.
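One practical check that follows from this, added here as an example and not taken from Trend Micro's report or from the article: a small Python script over Sysmon "Driver loaded" (Event ID 6) records that flags mhyprot2.sys being loaded on a host where the game is not installed, or from a directory other than the game's install folder. It deliberately ignores the Signed and SignatureStatus fields, because a valid signature is what lets the driver load in the first place. The sample events, hash strings, signer names and the assumed install directory are constructed placeholders, not observed values.

```python
"""Flag Sysmon 'Driver loaded' (Event ID 6) records for the Genshin Impact
anti-cheat driver mhyprot2.sys on hosts where it has no business being loaded.

Added example. The events below are constructed, not captured from a real host.
"""
import ntpath
from typing import Dict, List

DRIVER_NAME = "mhyprot2.sys"

# Sysmon renders Event ID 6 as "Key: Value" lines. Constructed sample with
# three loads: the driver from a plausible game folder, the same driver
# dropped into Temp, and an unrelated Windows driver. Hash and signer values
# are placeholders (assumed, not real); the game directory is an assumption.
SAMPLE_EVENTS = """\
Driver loaded:
RuleName: -
UtcTime: 2022-08-24 10:15:02.123
ImageLoaded: C:\\Program Files\\Genshin Impact\\Genshin Impact game\\mhyprot2.sys
Hashes: SHA256=PLACEHOLDER0000000000000000000000000000000000000000000000000001
Signed: true
Signature: PLACEHOLDER-SIGNER
SignatureStatus: Valid

Driver loaded:
RuleName: -
UtcTime: 2022-08-24 10:16:40.555
ImageLoaded: C:\\Windows\\Temp\\mhyprot2.sys
Hashes: SHA256=PLACEHOLDER0000000000000000000000000000000000000000000000000001
Signed: true
Signature: PLACEHOLDER-SIGNER
SignatureStatus: Valid

Driver loaded:
RuleName: -
UtcTime: 2022-08-24 10:17:01.000
ImageLoaded: C:\\Windows\\System32\\drivers\\tcpip.sys
Hashes: SHA256=PLACEHOLDER0000000000000000000000000000000000000000000000000002
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid
"""


def parse_sysmon_events(text: str) -> List[Dict[str, str]]:
    """Split the 'Key: Value' rendering into one dict per 'Driver loaded:' block."""
    events: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Driver loaded:":
            if current:
                events.append(current)
            current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:
            current[key] = value
    if current:
        events.append(current)
    return events


def flag_driver_loads(events: List[Dict[str, str]], game_installed: bool,
                      expected_dir: str = r"C:\Program Files\Genshin Impact") -> List[str]:
    """Return one alert string per suspicious mhyprot2.sys load.

    The driver is expected only when the game is installed AND it loads from
    under expected_dir (an assumed location). Signed/SignatureStatus are
    intentionally not consulted: the signature is valid in the abuse case too.
    """
    alerts: List[str] = []
    prefix = expected_dir.lower().rstrip("\\") + "\\"
    for ev in events:
        path = ev.get("ImageLoaded", "")
        if ntpath.basename(path).lower() != DRIVER_NAME:
            continue
        if not game_installed:
            reason = "game not installed on this host"
        elif not path.lower().startswith(prefix):
            reason = f"loaded from outside {expected_dir}"
        else:
            continue
        alerts.append(
            f"{ev.get('UtcTime', '?')} {path} ({reason}; "
            f"SignatureStatus={ev.get('SignatureStatus', '?')})"
        )
    return alerts


if __name__ == "__main__":
    parsed = parse_sysmon_events(SAMPLE_EVENTS)
    for alert in flag_driver_loads(parsed, game_installed=False):
        print("ALERT:", alert)
```

On a fleet where the game is not sanctioned, run with game_installed=False so every load of the driver is reported; on a machine that legitimately has it, only loads from outside the install folder are flagged.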
Researchers note that organizations and security teams should take this seriously for several reasons: the ransomware encrypts the files on the infected machine, and the operator was also seen pushing it to other machines on the same network for mass deployment. “Ransomware operators are continuously looking for ways to covertly deploy their malware onto users’ devices. Using popular games or other sources of entertainment is an effective way of baiting victims into downloading dangerous files. It is important for enterprises and organizations to monitor what software is being deployed onto their machines or have the proper solutions in place that can prevent an infection from happening,” Trend Micro researchers wrote in a blog post.
Going forward, Genshin Impact players should be careful about the files they download and keep the game up to date. Defenders should note, however, that updating the game does not remove the risk: the attacker supplies the driver file, so the technique works on machines that have never had the game installed. A load of mhyprot2.sys on a corporate Windows host where the game is not expected is therefore a useful detection signal in its own right.