Genshin Impact anti-cheat is being used to install malware

When Genshin Impact came out, there were many complaints that its anti-cheat runs at kernel level, which is a serious security risk, and Valorant's anti-cheat had already warned us about this. But that hasn't stopped it from being one of the most popular games around right now, with millions of regular players venturing into Teyvat.
Now it turns out that yes, its anti-cheat system was indeed a security hole. It has recently been observed being used to install malware on devices.
Genshin Impact is a very serious security issue
The free-to-play Genshin Impact uses a unique anti-cheat known as mhyprot2.sys. Towards the end of July 2022, a Trend Micro report warned that security teams had realized the game would have much bigger problems related to that same file. Genshin Impact's anti-cheat works as a device driver and has kernel-level privileges on the computer.
It has recently been seen that an infected version of the anti-cheat is being distributed together with a kill.svc file, which installs the service and runs a fake AVG antivirus that downloads various files as ransomware. This ransomware also shuts down various other antivirus components that would normally protect users. The ransomware payload then starts encrypting files, rendering them unusable, and can be deployed to other computers via a PsExec process. This means the ransomware can make its way through the network of an entire building within the same domain, so that no computer in that domain would be safe.
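As an added defender-side example (not from this article or from Trend Micro's report), the following Python script scans constructed Windows "service installed" (Event ID 7045) log lines for the chain described above: the mhyprot2.sys driver being installed from somewhere other than the game's directory, a kill.svc service image, and a PsExec service appearing on the same host. The game install path and the key=value log format are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of Windows System log "service installed" events (Event ID 7045),
# flattened to key=value lines. Made up for this example, not real telemetry.
SAMPLE_EVENTS = [
    "host=WS01 EventID=7045 ServiceName=mhyprot2 ImagePath=C:\\Program Files\\Genshin Impact\\mhyprot2.sys ServiceType=kernel mode driver",
    "host=FILESRV EventID=7045 ServiceName=mhyprot2 ImagePath=C:\\Users\\Public\\mhyprot2.sys ServiceType=kernel mode driver",
    "host=FILESRV EventID=7045 ServiceName=kill ImagePath=C:\\Users\\Public\\kill.svc ServiceType=user mode service",
    "host=FILESRV EventID=7045 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe ServiceType=user mode service",
    "host=WS02 EventID=7036 ServiceName=Spooler ImagePath=C:\\Windows\\System32\\spoolsv.exe ServiceType=user mode service",
]

# Assumption: a legitimate copy of the driver lives under the game's install directory.
GAME_INSTALL_PREFIX = "c:\\program files\\genshin impact\\"

# key=value pairs whose values may contain spaces (paths, "kernel mode driver").
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

def parse_event(line):
    """Turn one key=value log line into a dict."""
    return dict(FIELD_RE.findall(line))

def classify(ev):
    """Return the suspicious traits of a single service-install event."""
    findings = []
    if ev.get("EventID") != "7045":
        return findings
    name = ev.get("ServiceName", "").lower()
    path = ev.get("ImagePath", "").lower()
    if name == "mhyprot2" or path.endswith("mhyprot2.sys"):
        if not path.startswith(GAME_INSTALL_PREFIX):
            findings.append("anti-cheat driver mhyprot2.sys installed outside the game directory")
    if path.endswith(".svc"):
        findings.append("service image with .svc extension (matches the kill.svc loader)")
    if name == "psexesvc":
        findings.append("PsExec service installed (possible lateral movement)")
    return findings

def analyze(lines):
    """Group findings per host and flag hosts showing the driver + PsExec chain."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        for finding in classify(ev):
            per_host[ev.get("host", "?")].append(finding)
    for findings in per_host.values():
        text = " ".join(findings)
        if "mhyprot2.sys" in text and "PsExec" in text:
            findings.append("CHAIN: abused driver plus PsExec on one host, treat as ransomware staging")
    return dict(per_host)
```

Hosts with no findings (such as WS01, where the driver sits in the game directory) are left out of the result entirely.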

This has been an ongoing issue that has plagued the game for a while. mhyprot2.sys had already been used to distribute DLLs before. Hoyoverse had already been warned about this problem, but has not released any updates or communications about it. This means that having Genshin Impact installed leaves you exposed, and not just to the gambling-like pull of the game's gacha mechanics. It is possible that Hoyoverse will update it so that it no longer runs at such a low (kernel) permission level, or switch to another anti-cheat that is better supported by developers and security experts.
Source: Wccftech