Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game’s anti-cheat measures in order to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact driver called “mhyprot2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device. The module can operate independently and doesn’t need the game in order to run.

Researchers have found proof of threat actors using this vulnerability to conduct ransomware attacks since July 2022. While it’s unclear how the hackers are initially able to gain access to their target, once they’re in, they’re able to use the Genshin Impact driver in order to access the computer’s kernel. A kernel generally has full control over everything that happens in your system, so for threat actors to be able to access it is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows’ own Management Instrumentation tool. These are free and open-source tools from Impacket that anyone could get their hands on if they wanted to.

With that out of the way, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe” and it was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed.
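Because the anti-cheat driver (file name mhyprot2.sys) runs without the game, a sighting of it on a machine that has no reason to have the game installed is the useful signal for defenders. The following triage sketch is an added example, not code from the report or the article; it assumes events shaped like Sysmon Event ID 6 (driver loaded) and Windows System Event ID 7045 (service installed), and the host names, paths and the `hosts_with_game` inventory are constructed for illustration.

```python
import ntpath

WATCHED_DRIVER = "mhyprot2.sys"   # file name only; a renamed copy evades this match
# Assumption: locations a kernel driver should not normally load from.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")

def driver_path(event):
    """Return the driver path carried by a driver-load or service-install event."""
    if event.get("EventID") == 6:                      # Sysmon: driver loaded
        return event.get("ImageLoaded")
    if event.get("EventID") == 7045 and "kernel" in event.get("ServiceType", "").lower():
        path = event.get("ImagePath", "").strip('"')   # System log: service installed
        return path[4:] if path.startswith("\\??\\") else path
    return None                                        # user-mode services are ignored

def triage(events, hosts_with_game=frozenset()):
    """Return (computer, event_id, severity, path) for each sighting of the driver."""
    findings = []
    for ev in events:
        path = driver_path(ev)
        if not path or ntpath.basename(path).lower() != WATCHED_DRIVER:
            continue
        if ev.get("Computer") not in hosts_with_game:
            severity = "high"      # driver present on a host without the game
        elif any(d in path.lower() for d in USER_WRITABLE):
            severity = "medium"    # game host, but an unusual load location
        else:
            severity = "low"
        findings.append((ev.get("Computer"), ev["EventID"], severity, path))
    return findings

# Constructed sample events; host names and paths are made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 6, "Computer": "DC01",
     "ImageLoaded": r"C:\Users\admin\Desktop\mhyprot2.sys"},
    {"EventID": 7045, "Computer": "WS07", "ServiceType": "kernel mode driver",
     "ImagePath": r"\??\C:\Program Files\Genshin Impact\mhyprot2.sys"},
    {"EventID": 6, "Computer": "WS07",
     "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys"},
    {"EventID": 7045, "Computer": "WS09", "ServiceType": "user mode service",
     "ImagePath": r"C:\Tools\mhyprot2.sys"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, hosts_with_game={"WS07"}):
        print(finding)
```

Matching on the file name is the weakest form of this check; a hash or signer match would be stronger, but those values have to come from the vendor report rather than from this article.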