Ransomware abuses Genshin Impact's kernel mode anti-cheat to bypass antivirus protection (Works without Genshin installed - Breaches entire Windows operating environment)

@OsrsNeedsF2P@lemmy.ml · 2 years ago

Ransomware abuses Genshin Impact's kernel mode anti-cheat to bypass antivirus protection (Works without Genshin installed - Breaches entire Windows operating environment)

@OsrsNeedsF2P@lemmy.ml · edit-2 2 years ago

Malware distributors can use the Genshin kernel module to distribute their viruses and totally wreck your PC. Antimalware will not catch it. The kernel module is also signed by Microsoft, making it extremely easy to install on a victim’s computer.

@alatheus@lemmy.perthchat.org · 2 years ago

Anticheat is malware

@AgreeableLandscape@lemmy.ml · edit-2 2 years ago

Not defending kernel mode anticheats, but I think the bigger problem here is Windows’s Swiss cheese level kernel module management. Because apparently this whole fiasco is because the kernel module in question is “verified” by Microsoft, so it doesn’t need admin/UAC authorisation to install, a machanic which this malware exploits.

More discussion here: https://infosec.exchange/@r000t/108890918411908350

Helix 🧬 · 2 years ago

And all because server side anticheat is too expensive for them to host. I mean, what does the Kernel based anticheat really give the players? It only benefits the company so they can make more money with fewer resources.

poVoq · 2 years ago

Wow, what a surprise /s

@FuckBigTech347@lemmygrad.ml · 2 years ago

Knew something like this would happen eventually. At some point in the future every anti-cheat that uses kernel modules will have at least one vulnerability like this discovered. Calling it now.