There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware. Security teams and defenders should note that mhyprot2.sys can be integrated into any malware.

During the last week of July 2022, a ransomware infection was triggered in a user environment that had endpoint protection properly configured. Analyzing the sequence, we found that a code-signed driver called “mhyprot2.sys”, which provides the anti-cheat functions for Genshin Impact as a device driver, was being abused to bypass privileges.