A critical vulnerability has been discovered in a kernel-level Genshin Impact anti-cheat driver. The vulnerability potentially allows attackers to bypass players’ antivirus protection, and you don’t even need to have Genshin Impact currently installed on your machine to be susceptible to it.
What is this Genshin Impact anti-cheat driver vulnerability?
Gamers don’t particularly appreciate anti-cheat software, but kernel-level anti-cheat drivers have been especially controversial in the gaming industry for some time now. This is because, in extremely basic terms, kernel-level files have a lot of power over your machine and operating system, and many gamers are uncomfortable giving so much control to an anti-cheat driver.
Now, it looks like those players might have some validation. According to Trend Micro (via PC Gamer), ransomware actors have used a Genshin Impact anti-cheat driver that runs at the kernel level to gain root access to a machine and remove antivirus protection. The file, which is called mhyprot2.sys, was present on the machine even though Genshin Impact was not installed.
Trend Micro researchers Hitomi Kimura and Ryan Soliven say they observed ransomware actors trying to use mhyprot2.sys vulnerabilities to spread malware beyond a single device. Apparently, the file can “embed itself in any malware” and remains on your PC even after you uninstall Genshin Impact, which is worrying. Naturally, you are not vulnerable to this problem if you are playing Genshin on PlayStation.
What can you do about the Genshin Impact anti-cheat vulnerability?
Unfortunately, there is not much that you as an end user can do about this vulnerability. As Trend Micro points out, it’s impossible to delete the file “once distributed”, which means you can’t simply go into your file system and remove the anti-cheat driver, even if Genshin Impact is no longer installed. The anti-cheat driver doesn’t run after you close the game, but that doesn’t seem to matter in terms of ransomware attackers accessing the file.
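Since the article says the driver can be present even on machines where the game was never installed, the one thing an end user or administrator can do is check whether it is there at all. The following PowerShell inventory script is an added example, not code from the article, from Trend Micro or from Hoyoverse. It is read-only (it removes nothing) and it assumes, without the article stating it, that the driver is registered as a Windows kernel driver service whose name or image path mentions mhyprot; treat that service-name pattern as a hypothetical placeholder.

```powershell
# Added example (not from the article, Trend Micro or Hoyoverse): a read-only
# inventory check for the mhyprot2.sys driver discussed above.
# Assumption (not stated in the article): the driver, when registered, appears as a
# kernel driver service whose Name or PathName contains "mhyprot". Hypothetical pattern.

$driverName = 'mhyprot2.sys'

# 1. Look for the driver file on disk, in the driver directory and common install locations.
$searchRoots = @(
    "$env:SystemRoot\System32\drivers",
    "$env:ProgramFiles",
    "${env:ProgramFiles(x86)}",
    "$env:TEMP"
)
$files = foreach ($root in $searchRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Filter $driverName -Recurse -File -ErrorAction SilentlyContinue
    }
}

# 2. Look for kernel driver services that point at the file, whether running or not.
#    A 'Stopped' service matches the article's note that the driver does not run once
#    the game is closed, but it shows the registration is still on the machine.
$services = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -like "*$driverName*" -or $_.Name -like '*mhyprot*' }

# 3. Report what was found. The signer is printed because a kernel driver only loads
#    when it carries a valid signature; knowing which copy is present helps when
#    comparing against vendor advisories.
if (-not $files -and -not $services) {
    Write-Output "No $driverName file or driver service found on this machine."
} else {
    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        Write-Output ("File: {0}`n  Signer: {1}`n  Signature status: {2}" -f `
            $f.FullName, $sig.SignerCertificate.Subject, $sig.Status)
    }
    foreach ($s in $services) {
        Write-Output ("Driver service: {0}  State: {1}  StartMode: {2}  Path: {3}" -f `
            $s.Name, $s.State, $s.StartMode, $s.PathName)
    }
}
```

Run it from an elevated PowerShell prompt so the driver directory and service list are fully readable; the recursive search of Program Files can take a minute. Finding the file or a stopped service does not by itself mean the machine is compromised, only that the driver the article describes is present and that the fix, when Hoyoverse ships one, applies to you.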
As Trend Micro points out, a user named Kento Oki demonstrated the Hoyoverse vulnerability in 2020, but nothing came of that demo. At the time of writing, the vulnerability remains and there is no fix available from Hoyoverse (which is where the fix should come from, as there is nothing for end users to do).
Genshin Impact is far from the only game to use kernel-level anti-cheat drivers, of course. Riot Games’ anti-cheat software uses a kernel driver, and so does Bethesda’s Doom Eternal. Given the enormous amount of access kernel-level files have to your computer, they are extremely effective anti-cheat mechanisms, but they obviously have their drawbacks as well.
Hoyoverse told us that the team is “currently working” on a fix to safeguard Genshin Impact players and prevent potential abuse of the anti-cheat feature. Meanwhile, if you’re playing Genshin Impact on PC, make sure your antivirus definitions are up to date and make sure you have decent anti-malware software as well. This won’t guarantee protection against possible kernel-level ransomware attacks, but it’s better than nothing.