
Genshin Impact's anti-cheat is vulnerable and can be used by hackers


Anti-cheat software is often needed to curb cheaters, but in a game like Genshin Impact it can also be abused. Hackers can apparently take advantage of it at the kernel level, and obviously not for good reasons.

The root of the problem is related to the driver known as mhyprot2.sys, which is used for Genshin Impact anti-cheats.

Several technology websites have reported ransomware attacks that used this driver to bypass privileges. Worst of all, the game doesn't have to be installed for this to happen. Not surprisingly, this has let some attackers kill the antivirus on victims' computers and install ransomware.


Information about Genshin Impact's dubious anti-cheat software and how hackers can use it

The video above contains some important excerpts from Trend Micro's report on their findings. Here is an important excerpt from the Trend Micro report that readers should understand:

“By analyzing the sequence, we found that a code-signed driver named “mhyprot2.sys”, which provides anti-cheat functionality for Genshin Impact as a device driver, has been abused to bypass privileges. As a result, commands from kernel mode killed the endpoint protection processes.”

mhyprot2.sys helps stop players from outright cheating in this game, but it can also be used for nefarious means. This report also states that mhyprot2.sys can be used along with any malware, making it far more dangerous than players might imagine.

The entire report is very technical and interesting to read, but some players may not understand it. Here is a very brief summary: Genshin Impact's mhyprot2.sys can leave your system vulnerable.

This does not mean that there has been a massive hack that captured the data of millions of players. The report is not a doom-and-gloom scenario. Instead, it is proof that some recent ransomware attacks have relied on the Genshin Impact anti-cheat driver.

The report states that it is being used along with other files to "mass-deploy ransomware."

The report uses the following examples:

  • input.bat: Executes HelpPane.exe and svchost.exe, simultaneously killing the victim's antivirus
  • HelpPane.exe: Installs mhyprot2.sys (which comes from Genshin Impact's anti-cheat)
  • svchost.exe: Contains the ransomware

Getting mhyprot2.sys is extremely easy, considering that the game it comes from is one of the most popular in the world. The report recommends that players keep an eye on their computers, and it also gives some recommendations for antivirus software to detect any suspicious files before it's too late.

If the driver is only active while the player is playing Genshin Impact, that's fine. In any other case it is probably a cause for concern.
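
One way to run that check on a Windows host, as an added example that is not from the article or the Trend Micro report: it lists kernel driver services matching mhyprot2 and flags any that are present while the game is not running. The process names GenshinImpact and YuanShen are assumptions, not taken from the article.

```powershell
# Added example, not from the article or the Trend Micro report.
# Assumption: the game process names below are not stated in the article.
$GameProcessNames = @('GenshinImpact', 'YuanShen')

function Get-Mhyprot2Finding {
    # Kernel driver services whose name or image path mentions mhyprot2.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like 'mhyprot2*' -or $_.PathName -like '*mhyprot2*' }

    # True when at least one of the assumed game processes is running.
    $gameRunning = [bool](Get-Process -Name $GameProcessNames -ErrorAction SilentlyContinue)

    foreach ($d in $drivers) {
        # Driver paths are often stored with an NT "\??\" prefix; strip it.
        $path = "$($d.PathName)" -replace '^\\\?\?\\', ''
        $hash = $null
        $signer = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $signer = (Get-AuthenticodeSignature -LiteralPath $path).SignerCertificate.Subject
        }

        $verdict = if ($gameRunning) {
            'Expected: the game is running'
        } elseif ($d.State -eq 'Running') {
            'Investigate: driver is loaded but the game is not running'
        } else {
            'Review: driver service is registered but not loaded'
        }

        [pscustomobject]@{
            Service     = $d.Name
            State       = $d.State
            StartMode   = $d.StartMode
            Path        = $path
            Sha256      = $hash
            Signer      = $signer
            GameRunning = $gameRunning
            Verdict     = $verdict
        }
    }
}

$findings = @(Get-Mhyprot2Finding)
if ($findings.Count -eq 0) { 'No mhyprot2 driver service found.' } else { $findings | Format-List }
```

Because the driver is code-signed, the Signer field will look legitimate; the verdict rests on whether the driver is present without the game.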


Comment by HoYoverse

HoYoverse commented on this issue back in late August 2022, stating:

“We are currently working on this case and will find a solution as soon as possible to protect the safety of players and stop potential abuse of the fraud protection feature. We will keep you updated as we have further progress.”

There hasn't been much news since then. In any case, HoYoverse cannot take an already vulnerable driver out of hackers' hands, so it will be interesting to see how they try to prevent this problem from occurring in the future.
