"Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims"

The anti-cheat system of Genshin Impact, a popular free-to-play online game, is being used by a ransomware gang to hack victims and launch ransomware. According to Trend Micro, anti-cheat systems, which are installed by default as part of many online games, can be abused to hack players. The unnamed hackers are exploiting the fact that Genshin Impact's anti-cheat system has known vulnerabilities, that it is signed by a legitimate company, and that it has high privileges, meaning it has access to sensitive parts of the operating system. The hackers' goal is to mass-deploy ransomware.

It remains unclear how the hackers gained an initial foothold on a targeted computer. Once inside, the hackers used Genshin Impact's anti-cheat system to gain access to the computer's kernel. Then they disabled antivirus software and installed ransomware on the victim's computer. They are abusing the anti-cheat system to gain access to more sensitive parts of the operating system and avoid detection by antivirus software prior to deploying the ransomware. Trend Micro researchers point out that the game does not need to be installed on a victim's device for this to work, implying that hackers can simply install the anti-cheat system before deploying the ransomware.

Security researchers have warned about flaws in Genshin Impact's anti-cheat system for years. A researcher demonstrated in 2020 that the system could be abused to read the computer's memory and processes. In 2021, a researcher published a proof-of-concept that turned the anti-cheat system into malicious software capable of accessing the kernel. Despite concerns, the vulnerable anti-cheat system continues to be installed on players' computers and has yet to be patched. According to Trend Micro researchers, there are currently no solutions because the anti-cheat system is a legitimate program signed by a real company, so it is not flagged by antivirus or Windows.

This article continues to discuss hackers' exploitation of well-known vulnerabilities in Genshin Impact's anti-cheat system to access sensitive parts of victims' operating systems and deploy ransomware.

Motherboard reports "Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims"

Submitted by Anonymous on