{"id":48130,"date":"2022-08-24T00:00:00","date_gmt":"2022-08-24T00:00:00","guid":{"rendered":"urn:uuid:602d2600-0748-423a-8251-c0bd5f0ef2c8"},"modified":"2022-08-24T00:00:00","modified_gmt":"2022-08-24T00:00:00","slug":"ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\/","title":{"rendered":"Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\/Genshin%20blog%20banner.png\"><\/p>\n<p>The <i>mhyprot2.sys<\/i> driver that was found in this sequence was the one built in August 2020. 
Going back to social media streams, we can see that shortly after Genshin Impact was released in September 2020, this module was discussed in the gaming community because it was <a href=\"https:\/\/www.gamepur.com\/guides\/does-genshin-impact-have-spyware\" target=\"_blank\" rel=\"noopener\">not removed even after the game was uninstalled<\/a> and because it <a href=\"https:\/\/www.unknowncheats.me\/forum\/anti-cheat-bypass\/419457-mhyprot2-read-process-kernel-memory-valid-signature-driver-2.html\" target=\"_blank\" rel=\"noopener\">allowed bypassing of privileges<\/a>.<\/p>\n<p><a href=\"https:\/\/github.com\/kagurazakasanae\/Mhyprot2DrvControl\" target=\"_blank\" rel=\"noopener\">A PoC<\/a>, provided by user <a href=\"https:\/\/github.com\/kagurazakasanae\/Mhyprot2DrvControl\" target=\"_blank\" rel=\"noopener\">kagurazakasanae<\/a>, showed that a library terminated 360 Total Security. A more comprehensive <a href=\"https:\/\/github.com\/kkent030315\/evil-mhyprot-cli\" target=\"_blank\" rel=\"noopener\">PoC<\/a>, provided by <a href=\"https:\/\/github.com\/kkent030315\" target=\"_blank\" rel=\"noopener\">Kento Oki<\/a>, had the following capabilities:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Read\/Write any kernel memory with privilege of kernel from user mode.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Read\/Write any user memory with privilege of kernel from user mode.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Enumerate a number of modules by specific process id.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Get system uptime.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Enumerate threads in a specific process, allowing reading of the PETHREAD structure in the kernel directly from the command-line interface (CLI).<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Terminate a specific process by process id with <i>ZwTerminateProcess<\/i>, which calls in the vulnerable driver context 
(<i>ring-0<\/i>).<\/span><\/li>\n<\/ul>\n<p>Kento Oki also reported the issue to miHoYo, the developer of Genshin Impact, as a vulnerability. Kento Oki\u2019s PoC led to more discussions, but the provider did not acknowledge the issue as a vulnerability and did not provide a fix. The code-signing certificate has not been revoked, so the digital signature for code signing as a device driver is still valid at this time.<\/p>\n<p><span class=\"body-subhead-title\">Complications of code signing as a device driver<\/span><\/p>\n<p>It is still rare to find a module that is code-signed as a device driver and can be abused. The key point of this case is that a legitimate device driver module with a valid code signature can be used to bypass privileges from user mode to kernel mode. Even if a vendor acknowledges a privilege bypass as a vulnerability and provides a fix, the module cannot be erased once distributed. This file carries a driver code signature, which allows the module to be loaded in kernel mode. If a malicious module had been signed with a stolen private key, the certificate could be revoked to invalidate the signature. In this case, however, a legitimate module is being abused. There appears to be no compromise of the private key, so it is not yet known whether the certificate will be revoked. It remains valid, at least for now.<\/p>\n<p>As mentioned above, this module is very easy to obtain and will be available to everyone until it is erased from existence. It could remain for a long time as a useful utility for bypassing privileges. 
Certificate revocation and antivirus detection might help to discourage the abuse, but there are no solutions at this time because it is a legitimate module.<\/p>\n<p><span class=\"body-subhead-title\">How to counter abuse: monitoring and detection<\/span><\/p>\n<p>There are only a limited number of driver files with valid signatures that are expected to have behavior comparable to the privilege bypassing we report here. We recommend that security teams and network defenders monitor for the presence of the hash values within their organizations. We have confirmed that privilege bypassing is possible in at least this file:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><i>mhyprot2.sys<\/i> (0466e90bf0e83b776ca8716e01d35a8a2e5f96d3)<\/span><\/li>\n<\/ul>\n<p>In addition, we recommend monitoring Windows event logs for the installation of the service corresponding to the driver. If the installation of the service was not intended, compromise is strongly suspected:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Windows Event Log (System) \u2013 7045: A new service was installed in the system. Service name: <i>mhyprot2<\/i>.<\/span><\/li>\n<\/ul>\n<p>Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48131,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9555,9539,9509],"class_list":["post-48130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-24T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/h\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\/Genshin%20blog%20banner.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus\",\"datePublished\":\"2022-08-24T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/\"},\"wordCount\":594,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : 
Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/\",\"name\":\"Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.png\",\"datePublished\":\"2022-08-24T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.png\",\"width\":640,\"height\":351},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - 
Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48130"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48131"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}