Skip to main content

This game lets hackers attack your PC, and you don’t even need to play it

Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game’s anti-cheat measures in order to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

An overview of the Genshin Impact hack.
Trend Micro

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact driver called “mhypro2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device. The module can operate independently and doesn’t need the game in order to run.

Recommended Videos

Researchers have found proof of threat actors using this vulnerability to conduct ransomware attacks since July 2022. While it’s unclear how the hackers are initially able to gain access to their target, once they’re in, they’re able to use the Genshin Impact driver in order to access the computer’s kernel. A kernel generally has full control over everything that happens in your system, so for threat actors to be able to access it is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows’ own Management Instrumentation tool. These are free and open-source tools from Impacket that anyone could get their hands on if they wanted to.

With that out of the way, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe” and it was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed. In the end, the attacker was able to completely kill the computer’s antivirus software and transfer the ransomware payload.

After some hiccups, the adversaries were able to fully load the driver and the ransomware onto a network share with the goal of mass deployment, meaning they could affect more workstations connected to the same network.

https://twitter.com/gossithedog/status/1562848838972755968

According to Trend Micro, Genshin Impact developers were informed about the vulnerabilities in the game module as early as 2020. Despite that, the code-signing certificate is still there, which means that Windows continues to recognize the program as secure.

Even if the vendor responds to this and fixes this major flaw, its old versions will still remain on the internet, and thus, will remain a threat. Security researcher Kevin Beaumont advised users to block the following hash in order to defend themselves from the driver: 0466e90bf0e83b776ca8716e01d35a8a2e5f96d3.

As of now, the creators of Genshin Impact haven’t responded to these findings. This is just one of many recent cyberattacks, which have doubled since last year according to a new report.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
The simple reasons your PC games don’t play as well as they should
The HP Omen 40L desktop sitting on a coffee table.

Whether you have the best gaming desktop money can buy or a budget-oriented PC, the whole point of it all is to be able to play your favorite games and make them look nice and run great. Not every gamer cares about visuals, but performance matters, and getting your money's worth out of your PC is important, too.

If a PC performs poorly in games, many of us immediately assume that the hardware is to blame. Sure, that can often be the case, but before you start looking into ways to upgrade your computer, try out these solutions that might solve your problem and let you get back to high-quality gaming.
PC settings
Whether you're dealing with poor performance, such as stuttering and low frames per second (fps), or you're simply unhappy with how your games look, the root of the problem might lie in the settings of your PC -- and as such, it could be an easy fix.

Read more
Does your Mac need antivirus software in 2024? We asked the experts
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

It’s an age-old question among Apple fans: Does your Mac need antivirus software? Traditionally, the popular answer has been no -- Macs have strong built-in protections, the argument goes, and antivirus apps can potentially slow down your computer. In the end, the trade-off didn’t seem to be worth it.

But is that still true today? After all, Macs are increasingly becoming a target of cybercriminals, with some Mac malware strains supposedly even being created by nation states. In that kind of situation, has the game changed?

Read more
Hackers are pretending to be cybersecurity firm to lock your entire PC
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

As hackers come up with new ways to attack, not even trustworthy names can be taken at face value. This time, a ransom-as-a-service (RaaS) attack is being used to impersonate a cybersecurity vendor called Sophos.

The RaaS, referred to as SophosEncrypt, can take hold of your files -- or even your whole PC -- and requires payment to have them decrypted.

Read more