Released on PC and consoles in September 2020, the action-adventure video game Genshin Impact was created by miHoYo Limited of China. The Windows version comes with a module combating gaming cheats, which incorporates a driver named mhyprot2.sys. It provides the game's defense mechanism with broad system privileges, and has a digital signature to prove its rights. The game needs this for detecting and blocking tools that help circumvent built-in restrictions. Unexpectedly, hackers have found another use for the driver.

In August 2022, Trend Micro released a report about an unusual attack on corporate infrastructure. The attack used this particular driver mhyprot2.sys. In a nutshell, a hacker group figured out that it could use virtually unlimited system privileges afforded by the driver and the associated legitimate digital certificate as tools for a targeted attack. And you don't even need to install the game itself to become a victim.

The report details an attack on an unnamed victim, while omitting the initial method the hackers used to penetrate the given corporate infrastructure. All we know is that they used a compromised administrator account to access the domain controller via RDP. In addition to stealing data from the controller, the hackers placed there a shared folder with a malicious installer which they disguised as an antivirus. The attackers used group policies to install the file on one of the workstations - and this was probably a rehearsal for a mass infection of computers in the organization.

However, the attempt to install the malware on the workstation failed: the module that was supposed to encrypt data - clearly expected to be followed up by ransom demand - failed to run, and the attackers had to start it manually later. They did succeed in installing the perfectly legal driver mhyprot2.sys from Genshin Impact, though. Another utility they deployed in the system gathered data on processes that could interfere with the installation of the malicious code.

Figure: List of processes force-stopped by the game driver.

All of the processes on the list, including security solutions active on the computer, were halted by the mhyprot2.sys driver one by one.
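One way to detect the driver installation described above, added here as an example and not taken from the Trend Micro report or the original article: it scans records shaped like Windows Service Control Manager event 7045 ("A service was installed in the system") for a kernel driver named mhyprot2.sys installed outside a known game folder. The sample events, host names and the `GAME_DIRS` path are constructed assumptions.

```python
import ntpath

DRIVER_NAME = "mhyprot2.sys"  # driver named on this page

# Assumption: folders where the game is legitimately installed in this
# environment. Hypothetical value; take the real one from your inventory.
GAME_DIRS = [r"C:\Program Files\Genshin Impact"]

# Constructed sample records using event 7045 field names; hosts and
# paths are made up for the example.
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "ServiceName": "mhyprot2",
     "ImagePath": r"\??\C:\Users\Public\mhyprot2.sys",
     "ServiceType": "kernel mode driver"},
    {"Computer": "GAMING-01", "ServiceName": "mhyprot2",
     "ImagePath": r"C:\Program Files\Genshin Impact\Game\mhyprot2.Sys",
     "ServiceType": "kernel mode driver"},
    {"Computer": "WS-020", "ServiceName": "Updater",
     "ImagePath": r"C:\Program Files\Vendor\updater.exe",
     "ServiceType": "user mode service"},
]

def normalize(path):
    """Strip quotes and the NT object prefix, then lower-case the path."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return ntpath.normpath(path).lower()

def is_under(path, directory):
    """True if path lies inside directory (both already normalized)."""
    return path.startswith(directory.rstrip("\\") + "\\")

def find_suspect_installs(events, game_dirs=GAME_DIRS):
    """Return (host, path) for mhyprot2.sys installs outside game folders."""
    allowed = [normalize(d) for d in game_dirs]
    hits = []
    for ev in events:
        if "kernel" not in ev.get("ServiceType", "").lower():
            continue  # only kernel driver installs are of interest
        path = normalize(ev.get("ImagePath", ""))
        if ntpath.basename(path) != DRIVER_NAME:
            continue
        if not any(is_under(path, d) for d in allowed):
            hits.append((ev["Computer"], path))
    return hits

if __name__ == "__main__":
    for host, path in find_suspect_installs(SAMPLE_EVENTS):
        print(f"ALERT {host}: {DRIVER_NAME} installed from {path}")
```

Matching on the file name misses a renamed copy, so pair this with a check on the driver's hash or signer taken from your own inventory.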