Genshin Impact Anti-Cheat Vulnerability Discovered

Written by Joe Allen

Published: August 26, 2022 10:10 AM

A critical vulnerability has been discovered in a kernel-level Genshin Impact anti-cheat driver. The vulnerability potentially allows hackers to bypass players' antivirus protection, and you don't even need to have Genshin Impact currently installed on your machine to be susceptible to it.

What is this Genshin Impact anti-cheat driver vulnerability?

Anti-cheat software isn't particularly loved by gamers, but kernel-level anti-cheat drivers have been especially controversial in the gaming industry for some time now. This is because, in extremely basic terms, kernel-level files have a lot of power over your machine and operating system, and many players are uncomfortable with giving an anti-cheat driver that much control.

Now, it looks like those players might have some validation. According to Trend Micro (via PC Gamer), a Genshin Impact anti-cheat driver that runs on the kernel level has been used by ransomware actors to gain root access to a machine and kill antivirus protection. The file, which is named mhyprot2.sys, was present on the machine even though Genshin Impact was not installed.

Genshin Impact might be a beautiful game, but it's hiding a potentially deadly security vulnerability.

Trend Micro researchers Hitomi Kimura and Ryan Soliven say they observed ransomware actors attempting to use mhyprot2.sys vulnerabilities to spread malware beyond a single device. The file can apparently be "integrated into any malware" and remains on your PC even after you've uninstalled Genshin Impact, which is worrying. Naturally, you're not vulnerable to this problem if you're playing Genshin on PlayStation.

What can you do about this Genshin Impact anti-cheat vulnerability?

Unfortunately, there isn't much that you as an end-user can do about this vulnerability. As Trend Micro notes, it's impossible to erase the file "once distributed", which means you can't access your file system and delete the anti-cheat driver even if the game isn't installed anymore. Genshin Impact's anti-cheat driver doesn't run after you close the game, but that doesn't appear to matter in terms of ransomware attackers accessing the file.

As Trend Micro points out, a user by the name of Kento Oki demonstrated the vulnerability to Hoyoverse back in 2020, but nothing came of that demonstration. At time of writing, the vulnerability remains, and there's no fix available on Hoyoverse's side (which is where the fix would need to come from, as end users can't do anything).

Riot Games' League of Legends also uses kernel-level anti-cheat, as do a number of other games.

Genshin Impact is far from the only game that uses kernel-level anti-cheat drivers, of course. Riot Games' anti-cheat software uses a kernel driver, as does Bethesda's Doom Eternal. Given the tremendous amount of access kernel-level files have to your computer, they do make for extremely effective anti-cheat mechanisms, but they evidently have their downsides as well.

Hoyoverse told us that the team is "currently working" on a solution to safeguard Genshin Impact players and prevent potential abuse of the anti-cheat function. In the meantime, if you're playing Genshin Impact on PC, make sure your antivirus definitions are up-to-date and ensure you've got some decent anti-malware software as well. This won't guarantee you protection from potential kernel-level ransomware attacks, but it's better than nothing.
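
For administrators who want to know whether the driver is present on a Windows machine, the following PowerShell sketch is an added example (not from Trend Micro, Hoyoverse, or the original article). It lists registered kernel driver services and on-disk copies matching the file name mhyprot2.sys given above; the function name and the search roots are assumptions.

```powershell
# Added example: inventory copies of a named kernel driver on a Windows host.
# Only the file name mhyprot2.sys comes from the article; the function name
# and the default search root are assumptions to adjust per environment.
function Find-DriverArtifact {
    [CmdletBinding()]
    param(
        [string]   $FileName   = 'mhyprot2.sys',
        [string[]] $SearchRoot = @("$env:SystemDrive\")
    )

    # 1. Kernel driver services registered with the Service Control Manager.
    #    A registered entry is worth recording even when State is 'Stopped'.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$FileName" } |
        ForEach-Object {
            [pscustomobject]@{
                Source    = 'DriverService'
                Name      = $_.Name
                State     = $_.State
                Path      = $_.PathName
                SHA256    = $null
                Signer    = $null
                SigStatus = $null
            }
        }

    # 2. Copies on disk. The article's case was a machine with no game
    #    installed, so a copy outside any game folder deserves a closer look.
    foreach ($root in $SearchRoot) {
        Get-ChildItem -Path $root -Filter $FileName -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Source    = 'File'
                    Name      = $_.Name
                    State     = $null
                    Path      = $_.FullName
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    Signer    = $sig.SignerCertificate.Subject
                    SigStatus = $sig.Status
                }
            }
    }
}

Find-DriverArtifact | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so protected directories are readable; a full-drive search can take several minutes.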


Joe Allen | Senior Writer

Joe has been writing for TechRaptor for several years, and in those years has learned a lot about the gaming industry and its foibles. He’s originally an…
