HoYoverse knows about it but has not commented.
Experts from Trend Micro report that hackers are using the Genshin Impact anti-cheat driver in their ransomware. According to their research, attackers have been distributing such utilities since July 2022.
Hackers take advantage of the fact that the Chinese action RPG’s anti-cheat driver has a digital certificate from Microsoft, thereby gaining elevated privileges on Windows. Once attackers include the driver in their malware, they can also use it to disable antivirus.
Trend Micro emphasized that a successful attack does not require Genshin Impact to be installed on the victim’s computer. Ransomware with an integrated anti-cheat driver works on its own without using any other game files.
Since 2020, cybersecurity experts have expressed concern that the Genshin Impact anti-cheat has many privileges, including at the Windows kernel level. HoYoverse responded to the claims only once, updating the anti-cheat so that it turns off when the game is not running.
Trend Micro experts told HoYoverse about the ransomware they discovered, but the Chinese company did not comment on the situation.