
This game lets hackers attack your PC, and you don’t even need to play it

Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is Genshin Impact, and according to a new report, hackers are able to abuse the game’s anti-cheat driver to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

[Image: An overview of the Genshin Impact hack. Source: Trend Micro]

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact anti-cheat driver called “mhyprot2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device: the driver is a standalone, signed module that loads and operates without the game being present.

Researchers have found proof of threat actors using this vulnerability to conduct ransomware attacks since July 2022. While it’s unclear how the hackers initially gain access to their target, once they’re in, they use the Genshin Impact driver to gain access to the computer’s kernel. The kernel has full control over everything that happens in your system, so for threat actors to be able to act at that level is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows Management Instrumentation (WMI), Windows’ own management tool. Both are free and open-source tools from the Impacket toolkit that anyone could get their hands on if they wanted to.

With those credentials in hand, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe,” which was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed. In the end, the attacker was able to completely kill the computer’s antivirus software and transfer the ransomware payload.

After some hiccups, the adversaries were able to fully load the driver and the ransomware onto a network share with the goal of mass deployment, meaning they could affect more workstations connected to the same network.

If you're a business and you run MDE or the like, I recommend blocking this hash, it's the vulnerable driver.

It loads straight away on Windows 11 with TPM and all that, the problem has been ignored.

— Cloudflare Support Hate (@GossiTheDog) August 25, 2022

According to Trend Micro, Genshin Impact developers were informed about the vulnerabilities in the game module as early as 2020. Despite that, the driver’s code-signing certificate has not been revoked, which means that Windows continues to treat the driver as legitimately signed and allows it to load.

Even if the vendor responds to this and fixes this major flaw, its old versions will still remain on the internet, and thus, will remain a threat. Security researcher Kevin Beaumont advised users to block the following hash in order to defend themselves from the driver: 0466e90bf0e83b776ca8716e01d35a8a2e5f96d3.
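The advice above is to block the driver by its hash rather than by name, because a signed driver can be renamed but its hash cannot be changed without breaking the signature. The following is an added example of a simple hash hunt across a file tree, written for this article and not taken from Trend Micro or Kevin Beaumont. It uses the 40-hex-digit hash quoted above, which has the length of a SHA-1 digest, as the high-confidence indicator, and treats the filename “mhyprot2.sys” only as a weak, review-needed indicator. The `demo()` function builds a temporary directory of constructed sample files (not the real driver) so the script runs offline; the directory layout and file contents are assumptions for demonstration.

```python
"""Hunt a file tree for the vulnerable Genshin Impact driver by SHA-1.

Added example (not from the article or Trend Micro). Only the IoC hash
value comes from the article; paths and sample files are constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-1 of the vulnerable driver, as quoted in the article (40 hex digits).
VULNERABLE_DRIVER_SHA1 = {"0466e90bf0e83b776ca8716e01d35a8a2e5f96d3"}

# File name the driver ships under. On its own this is a weak indicator:
# an attacker can rename the file, so the hash is what should be blocked.
SUSPECT_NAMES = {"mhyprot2.sys"}


def is_sha1_hex(value):
    """True if value has the shape of a SHA-1 hex digest (40 hex chars)."""
    return len(value) == 40 and all(c in "0123456789abcdef" for c in value.lower())


def sha1_of_file(path, chunk_size=1 << 16):
    """Stream a file through SHA-1 so large binaries don't need to fit in RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hunt(root, blocklist=VULNERABLE_DRIVER_SHA1, suspect_names=SUSPECT_NAMES):
    """Walk root and return (path, sha1, reason) triples.

    reason is "hash-match" for a known-bad SHA-1 (high confidence, block it)
    and "name-match" for a file merely named like the driver (needs review).
    """
    bad = {h.lower() for h in blocklist if is_sha1_hex(h)}
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digest = sha1_of_file(path)
            except OSError:
                # Locked or unreadable file: skip it but keep walking the tree.
                continue
            if digest in bad:
                findings.append((str(path), digest, "hash-match"))
            elif name.lower() in suspect_names:
                findings.append((str(path), digest, "name-match"))
    return findings


def demo():
    """Build a constructed sample tree and run the hunt over it.

    Returns a dict with the findings and the SHA-1 of a known small file,
    so the hashing routine can be checked against a well-known value.
    """
    root = tempfile.mkdtemp(prefix="driver_hunt_")
    drivers = Path(root) / "drivers"
    drivers.mkdir()
    # Constructed stand-in for the driver: same name, but NOT the real file,
    # so it will only ever produce a name-match, never a hash-match.
    (drivers / "mhyprot2.sys").write_bytes(b"constructed sample, not the real driver")
    # Benign file with content whose SHA-1 is widely known ("abc").
    readme = Path(root) / "readme.txt"
    readme.write_bytes(b"abc")
    return {
        "findings": hunt(root),
        "readme_sha1": sha1_of_file(readme),
    }


if __name__ == "__main__":
    for path, digest, reason in demo()["findings"]:
        print(f"{reason:10s} {digest} {path}")
```

In a real deployment you would point `hunt()` at the driver directories of each host and feed the hash-match results to whatever blocking control you have (MDE custom indicators, a WDAC policy, or your EDR’s blocklist), while name-matches go to an analyst for review. Sticking to the hash also avoids false positives against unrelated files that happen to share the name.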

As of now, the creators of Genshin Impact haven’t responded to these findings. This is just one of many recent cyberattacks, which have doubled since last year according to a new report.

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…