According to research from Trend Micro, a cybercriminal used a weak anti-cheat driver for the video game Genshin Impact to disable antivirus software and enable the distribution of ransomware.
The ransomware operation, launched in the final week of July 2022, was built on the fact that the driver in question (“mhyprot2.sys”) is signed with a valid certificate: because Windows loads it as a trusted, signed kernel driver, it can be abused to bypass privilege checks and terminate the services of endpoint-protection products. Genshin Impact, a popular action role-playing game, was developed and released in September 2020 by the Shanghai-based company miHoYo.
According to the researchers, the plan was to use a batch file to install the driver, stop antivirus services, and deliver the ransomware payload on a large scale via the domain controller.
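Because the driver carries a valid signature, a control that trusts "signed" drivers will not stop this. A defender instead wants to alert on the driver by name and on how it arrives. The following is an added example, not code from the article or from Trend Micro: a small Python triage script that scans constructed Windows event records (Sysmon Event ID 6 DriverLoad and System log Event ID 7045 service-installation events, both real event types) and flags a load of mhyprot2.sys regardless of signature status, plus any kernel-mode driver service installed from outside the usual driver directory. The expected-directory list and the sample log lines are assumptions made for the example.

```python
import json
import ntpath

# Driver named in the article as abused to disable endpoint protection.
# (Extend this set from your own threat intelligence; only the article's entry is listed here.)
KNOWN_ABUSED_DRIVERS = {"mhyprot2.sys"}

# Assumption for this example: legitimately installed kernel drivers live under this directory.
EXPECTED_DRIVER_DIRS = (r"c:\windows\system32\drivers",)

# Constructed sample records (JSON per line), not real telemetry.
SAMPLE_LOG_LINES = [
    json.dumps({"EventID": 6, "UtcTime": "2022-07-28 02:11:03", "Computer": "WS01",
                "ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys",
                "SignatureStatus": "Valid"}),
    json.dumps({"EventID": 7045, "UtcTime": "2022-07-28 02:14:40", "Computer": "WS01",
                "ServiceName": "mhyprot2",
                "ImagePath": r"\??\C:\Users\Public\mhyprot2.sys",
                "ServiceType": "kernel mode driver"}),
    json.dumps({"EventID": 6, "UtcTime": "2022-07-28 02:14:41", "Computer": "WS01",
                "ImageLoaded": r"C:\Users\Public\mhyprot2.sys",
                "SignatureStatus": "Valid"}),
]


def normalize_path(path):
    """Strip the NT object-manager prefix (\\??\\) that 7045 ImagePath values often carry."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def analyze_driver_event(event):
    """Return a list of finding strings for one driver-load or service-install record."""
    findings = []
    image = normalize_path(event.get("ImageLoaded") or event.get("ImagePath") or "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()

    # Alert on the name alone: in the BYOVD case SignatureStatus is "Valid",
    # so a valid signature must never suppress this finding.
    if name in KNOWN_ABUSED_DRIVERS:
        findings.append(f"known-abused driver: {name} (signature={event.get('SignatureStatus', 'n/a')})")

    # A kernel-mode driver service registered from a user-writable location
    # matches the "batch file installs the driver" step described in the article.
    if event.get("EventID") == 7045 and "kernel" in event.get("ServiceType", "").lower():
        if directory and not any(directory.startswith(d) for d in EXPECTED_DRIVER_DIRS):
            findings.append(f"kernel driver service installed from unusual path: {image}")
    return findings


def scan(lines):
    """Scan JSON event lines; return (time, host, finding) tuples."""
    alerts = []
    for line in lines:
        event = json.loads(line)
        for finding in analyze_driver_event(event):
            alerts.append((event.get("UtcTime"), event.get("Computer"), finding))
    return alerts


if __name__ == "__main__":
    for when, host, finding in scan(SAMPLE_LOG_LINES):
        print(f"{when} {host}: {finding}")
```

The legitimate ntfs.sys load produces nothing, while the service installation and the subsequent load of mhyprot2.sys from a user-writable directory produce three findings between them. In practice the block-list would be fed from a maintained list of abused drivers, and the service-install rule is useful precisely because it does not depend on knowing the driver's name in advance.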
Read More: Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus