Descripción
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The must first be installed by a user administrative privileges.
https://github.com/kagurazakasanae/Mhyprot2DrvControl
https://github.com/kkent030315/evil-mhyprot-cli
https://web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
https://www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims
https://github.com/kagurazakasanae/Mhyprot2DrvControl
https://github.com/kkent030315/evil-mhyprot-cli
https://web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
https://www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims
