Ransomware/Malware Activity
Anti-Cheat, Code-Signed Driver Abused to Bypass Privileges and Deploy Ransomware
Trend Micro researchers observed a ransomware infection in late July 2022 that involved a code-signed driver called “mhyprot2.sys”, which is used for anti-cheat functions in the video game Genshin Impact. The currently undisclosed ransomware abused this driver to bypass privileges and disable anti-virus software. A notable observation by researchers is that Genshin Impact does not need to be installed on a victim’s machine for this ransomware to be deployed, as the use of the driver is independent from the video game and can be integrated into any malware. Since the driver is code-signed, it can be installed on Windows machines without creating alerts often seen with unsigned…
Source link
