The action role-playing game Genshin Impact is being exploited by cybercriminals, who are abusing the game’s anti-cheat feature to send ransomware to the game’s users. Anti-cheat is software designed to prevent online game players from gaining an unfair advantage over others.
Genshin Impact is an open-world action game set in a fantasy world called Teyvat. The game can be played on Android, iOS, PlayStation 5 and Windows. Most games use either EasyAntiCheat or BattlEye for anti-cheat, but Genshin Impact has its own unique anti-cheat file, known as mhyprot2.sys.
According to Trend Micro researchers, the attackers are targeting Windows users of the game. When you install the game on Windows, the anti-cheat file acts as a device driver and is granted kernel-level privileges on your computer. The threat actor can then deliver the ransomware and infect your computer, encrypting all your files and gaining access to your sensitive information.
What makes the infected anti-cheat file unique is that it runs a fake AVG antivirus and thus enters your system. It then lists various files as ransomware. According to the researchers, the ransomware also has the ability to prevent all antiviruses from detecting it, including ones like 360 Total Security.
The researchers note that organizations and security teams should be cautious for several reasons: the ransomware can encrypt all your system files and can even be deployed to other computers if you are connected to multiple networks. “Ransomware operators are constantly looking for ways to covertly deploy their malware onto users’ devices. Using popular games or other sources of entertainment is an effective way to trick victims into downloading malicious files. It is important for businesses and organizations to monitor what software is deployed on their machines or to have appropriate solutions that can prevent infection,” Trend Micro researchers wrote in a blog post.
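One way to act on the monitoring advice above is to review Windows service-installation records (System log, Event ID 7045) for mhyprot2.sys being registered as a kernel driver. The following is an added example, not code from Trend Micro or the game's developer; the event records are constructed and the allow-listed install directory is an assumption to adjust per environment.

```python
import ntpath

DRIVER_NAME = "mhyprot2.sys"  # anti-cheat driver named in the article
# Assumption: the only directory where this fleet expects the game's files.
ALLOWED_DIRS = [r"c:\program files\genshin impact"]

# Constructed records modelled on Event ID 7045 ("A service was installed").
SAMPLE_EVENTS = [
    {"host": "WS-01", "event_id": 7045, "service_type": "kernel mode driver",
     "image_path": r'"C:\Program Files\Genshin Impact\Genshin Impact Game\mhyprot2.sys"'},
    {"host": "SRV-DB02", "event_id": 7045, "service_type": "kernel mode driver",
     "image_path": r"\??\C:\Users\Public\Documents\MHYPROT2.SYS"},
    {"host": "WS-07", "event_id": 7045, "service_type": "user mode service",
     "image_path": r"C:\Windows\Temp\mhyprot2.sys.bak"},
    {"host": "WS-09", "event_id": 7036, "service_type": "",
     "image_path": ""},
]


def normalise(path):
    """Strip quotes and NT path prefixes, collapse '..', lower-case."""
    p = path.strip().strip('"')
    for prefix in ("\\??\\", "\\\\?\\"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    return ntpath.normpath(p).lower()


def classify(event):
    """Return 'expected', 'investigate', or None if the event is unrelated."""
    if event.get("event_id") != 7045:
        return None
    if "kernel" not in event.get("service_type", "").lower():
        return None
    path = normalise(event.get("image_path", ""))
    if ntpath.basename(path) != DRIVER_NAME:
        return None
    in_allowed = any(path.startswith(d.rstrip("\\") + "\\") for d in ALLOWED_DIRS)
    return "expected" if in_allowed else "investigate"


def triage(events):
    """Map each host with a matching driver install to its verdict."""
    return {e["host"]: v for e in events if (v := classify(e))}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {DRIVER_NAME} installed as kernel driver -> {verdict}")
```

A host marked "expected" still has the driver installed with kernel-level access, so the verdict only separates machines where the game is known to be present from those where the driver's presence needs an explanation.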
Going forward, users still using Genshin Impact should be careful with any files they download and update to the latest patch released by the game.