Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mk.absturztau.be/notes/94ckiwklum">Puniko ? (puniko@mk.absturztau.be)'s status on Thursday, 25-Aug-2022 21:12:07 JST</a><a href="https://mk.absturztau.be/@puniko" title="puniko@mk.absturztau.be"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Puniko ?" style="position: absolute; left: 0; top: 0;">Puniko ?</a></section><article><p>There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware. Security teams and defenders should note that mhyprot2.sys can be integrated into any malware.  <a href="https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html">https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/106047#notice-184241">In conversation</a><time datetime="2022-08-25T21:12:07+09:00" title="Thursday, 25-Aug-2022 21:12:07 JST">Thursday, 25-Aug-2022 21:12:07 JST</time> <span>from <span><a href="https://mk.absturztau.be/notes/94ckiwklum" rel="external" title="Sent from mk.absturztau.be via ActivityPub">mk.absturztau.be</a></span></span><a href="https://mk.absturztau.be/notes/94ckiwklum">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/66805">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Puniko ? (puniko@mk.absturztau.be)'s status on Thursday, 25-Aug-2022 21:12:07 JST Puniko ?
There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware. Security teams and defenders should note that mhyprot2.sys can be integrated into any malware. https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
In conversationThursday, 25-Aug-2022 21:12:07 JST from mk.absturztau.bepermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice