Kernel level anti-cheats: Difference between revisions
Edit summaries:
- m link "capability to track" to Spyware
- m add code tags
Line 15:
(unchanged) If a malicious actor were to discover a security issue in a kernel level anti-cheat significant enough to allow them to hijack the software, they would be able to directly execute code at its level of access, allowing them to bypass security measures put in place by the {{Wplink|operating system}} and {{Wplink|Antivirus software|anti-virus software}}.

Previous revision: This is not a purely hypothetical scenario; it has already taken place in an incident with the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat

Current revision: This is not a purely hypothetical scenario; it has already taken place in an incident with the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat driver <code>mhyprot2.sys</code> was hijacked by malicious actors to disable users' anti-virus software, with the intent of distributing {{Wplink|ransomware}}.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html |access-date=Aug 4, 2025 |website=Trend |archive-url=http://web.archive.org/web/20260208191733/https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html |archive-date=8 Feb 2026}}</ref>

Previous revision: Another example is Hotta Studios' Tower of Fantasy game. Users have reported that the kernel-level anticheat

Current revision: Another example is Hotta Studios' Tower of Fantasy game. Users have reported that the kernel-level anticheat driver <code>ksophon_x64.sys</code> has caused a [[wikipedia:Blue_screen_of_death|BSOD]] with the stop code <code>DPC_WATCHDOG_VIOLATION</code>. The crashes were reported when the game was uninstalled, launched, closed, or simply left running, before the game moved to its new publisher Perfect World Games. Since the company's update, the file no longer appears to exist in <code>System32/drivers</code>.
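The practical question both incidents raise for a defender is whether one of these drivers is still present or loaded on a machine after the game is gone. The following PowerShell script is an added example and is not part of the wiki page or of either game's software; it takes only the two file names quoted above and reports, for each, whether the file sits in <code>System32\drivers</code>, whether a kernel driver service points at it, whether that service is running, and what the Authenticode signature on the file says. The idea of keeping such a watch list is an assumption about how an administrator might use the information, not something the page prescribes.

```powershell
# Added example (not from the wiki page): report the state of the anti-cheat
# drivers named in the text. The file names come from the page; treating them
# as a watch list is this example's own assumption.
$WatchedDrivers = @('mhyprot2.sys', 'ksophon_x64.sys')
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

# Every kernel driver service the OS knows about, loaded or not
$SystemDrivers = Get-CimInstance -ClassName Win32_SystemDriver

foreach ($name in $WatchedDrivers) {
    $path = Join-Path $DriverDir $name
    $onDisk = Test-Path -LiteralPath $path

    # Match on the file name in PathName; the service name is not always the file name
    $registered = $SystemDrivers | Where-Object {
        $_.PathName -and ($_.PathName -like "*\$name")
    }

    # Only ask for a signature if there is a file to check
    $sig = $null
    if ($onDisk) { $sig = Get-AuthenticodeSignature -FilePath $path }

    [pscustomobject]@{
        Driver     = $name
        OnDisk     = $onDisk
        Registered = [bool]$registered
        Running    = [bool]($registered | Where-Object { $_.State -eq 'Running' })
        Signature  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
    }
}
```

Run it from an elevated prompt so that <code>Win32_SystemDriver</code> returns the full driver list. A <code>Valid</code> signature is not a clean bill of health here: the driver in the <em>Genshin Impact</em> incident was the game's own legitimate component and was abused as such, so the useful output is the <code>OnDisk</code>, <code>Registered</code> and <code>Running</code> columns, which tell you whether there is anything left to remove once the game itself has been uninstalled.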
===Support issues===