Ankura CTIX FLASH Update – August 26, 2022

Ransomware/Malware Activity

Anti-Cheat, Code-Signed Driver Abused to Bypass Privileges and Deploy Ransomware

Trend Micro researchers observed a ransomware infection in late July 2022 that involved a code-signed driver called “mhyprot2.sys”, which is used for anti-cheat functions in the video game Genshin Impact. The currently undisclosed ransomware abused this driver to bypass privileges and disable anti-virus software. A notable observation by researchers is that Genshin Impact does not need to be installed on a victim’s machine for this ransomware to be deployed, as the use of the driver is independent of the video game and can be integrated into any malware. Since the driver is code-signed, it can be installed on Windows machines without creating the alerts often seen with unsigned…
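The detection gap described above, as an added example that is not from Trend Micro or the original update: a rule that alerts only on unsigned drivers stays silent, while a rule keyed on the driver name plus a software inventory separates expected loads from suspicious ones. The events use Sysmon Event ID 6 (DriverLoad) field names; the `host` field, the paths, the host names and the inventory are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

WATCHED_DRIVER = "mhyprot2.sys"   # driver named in the article
GAME_NAME = "Genshin Impact"      # product the driver ships with

# Constructed events with Sysmon Event ID 6 (DriverLoad) field names.
# "host" and every path below are made up for this example.
EVENTS = [
    {"host": "WS-017", "ImageLoaded": r"C:\ProgramData\tmp\mhyprot2.sys",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"host": "WS-042", "ImageLoaded": r"C:\Games\Genshin Impact\mhyprot2.sys",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"host": "WS-017", "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"host": "WS-099", "ImageLoaded": r"C:\Temp\MHYPROT2.SYS",
     "Signed": "true", "SignatureStatus": "Valid"},
]
# Constructed per-host software inventory (WS-099 has no record at all).
INVENTORY = {"WS-017": {"Microsoft Office"}, "WS-042": {"Genshin Impact", "Steam"}}

def naive_unsigned_rule(event):
    """Alert only when the driver is unsigned or its signature is not valid."""
    return event["Signed"].lower() != "true" or event["SignatureStatus"] != "Valid"

def triage(event, inventory):
    """Return (severity, reason) for a watched driver load, else None."""
    if basename(event["ImageLoaded"]).lower() != WATCHED_DRIVER:
        return None
    installed = inventory.get(event["host"])
    if installed is None:
        return ("high", "watched driver loaded on host with no inventory record")
    if GAME_NAME not in installed:
        return ("high", "watched driver loaded on host without the game installed")
    return ("low", "watched driver loaded on host where the game is installed")

def run(events, inventory):
    """Collect (host, path, severity, reason) for every watched driver load."""
    findings = []
    for ev in events:
        result = triage(ev, inventory)
        if result:
            findings.append((ev["host"], ev["ImageLoaded"], *result))
    return findings

if __name__ == "__main__":
    print("naive rule hits:", sum(naive_unsigned_rule(e) for e in EVENTS))
    for finding in run(EVENTS, INVENTORY):
        print(finding)
```

A file-name match is defeated by renaming the driver; matching on the driver's file hash is more robust, but the update does not list one.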

