Security Articles

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

released on 2022-08-26 @ 11:50:44 AM
During the last week of July 2022, a ransomware infection was triggered in a user environment that had endpoint protection properly configured. Analyzing the sequence of events, Trend Micro found that a code-signed driver called “mhyprot2.sys”, which provides the anti-cheat functions for Genshin Impact as a device driver, was being abused to bypass privilege restrictions. As a result, commands issued from kernel mode killed the endpoint protection processes.