Kernel Level Anti-Cheats: Difference between revisions

If a malicious actor were to discover a security issue in a kernel-level anti-cheat serious enough to let them control the driver, they could execute code with the driver's own level of access (kernel mode, the highest privilege level on the machine). Code running there can disable or bypass protections enforced by the {{Wplink|operating system}} and by {{Wplink|Antivirus software|anti-virus software}}, because those protections run at the same or a lower privilege level than the driver. Since the driver is a legitimately signed binary, Windows will load it on any machine, not only on machines where the game is installed; the attacker does not need to find a new bug in the operating system, only a driver that exposes dangerous functionality to user-mode callers.


This is not a purely hypothetical scenario; it has already taken place in an incident involving the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']]. The game's signed anti-cheat driver '''mhyprot2.sys''' was abused by ransomware actors, who loaded the driver themselves on a victim's machine and used its exposed kernel-mode functions to terminate anti-virus processes before deploying {{Wplink|ransomware}}; the victim machine did not have the game installed.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html}}</ref>
Another example is Hotta Studios' ''Tower of Fantasy''. Users reported that its kernel-level anti-cheat driver '''ksophon_x64.sys''' caused {{Wplink|Blue screen of death|BSOD}} crashes with the stop code DPC_WATCHDOG_VIOLATION. The crashes occurred when the game was uninstalled, launched or closed, and even while it was simply running, in the period before the game moved to its new publisher Perfect World Games. Since a later update by the company, the driver file no longer appears in System32\drivers. A crashing or leftover driver is not in itself a security hole, but a kernel driver that stays registered after the game is uninstalled keeps its full kernel-mode footprint on the machine with nothing left to use it legitimately.
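Both incidents above come down to the same question for a defender: is a signed game anti-cheat driver registered, still on disk, or loaded on this machine, and is Windows configured to block known-abused drivers? The following PowerShell script is an added example written for this article; it is not code from the wiki, from any game studio, or from Microsoft. It enumerates kernel driver services, matches them against a watch-list containing the two driver file names discussed above, and reports service state, file presence and Authenticode signer, then checks whether memory integrity (HVCI) and the Microsoft vulnerable driver blocklist registry switch are on. All function and variable names are this example's own. The script only reports presence and signature; it does not tell you whether a particular driver version is exploitable. Run it from an elevated PowerShell 5.1 or later prompt on Windows.

```powershell
# Added example for this article (not vendor or wiki code).
# Reports whether watch-listed kernel drivers are registered, on disk, running
# and how they are signed, plus whether the vulnerable driver blocklist is active.
# Assumed: Windows 10/11, elevated PowerShell 5.1+. Driver names come from the
# article above; everything else here is this example's own naming.

$WatchList = @('mhyprot2.sys', 'ksophon_x64.sys')

function Get-DriverFileName {
    # Driver ImagePath values come in several shapes, for example
    # \SystemRoot\System32\drivers\x.sys, \??\C:\...\x.sys, system32\drivers\x.sys.
    # All of them end in the file name, which is what the watch-list compares on.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    return [IO.Path]::GetFileName($PathName.Trim('"'))
}

function Get-WatchedDrivers {
    param([string[]]$Names = $WatchList)

    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'
    # Win32_SystemDriver lists every registered kernel-mode driver service,
    # running or stopped, so a driver a game uninstaller left behind shows up too.
    $services = Get-CimInstance -ClassName Win32_SystemDriver

    foreach ($name in $Names) {
        $svc = $services |
            Where-Object { (Get-DriverFileName $_.PathName) -ieq $name } |
            Select-Object -First 1

        # Default location is System32\drivers, but trust the service's own
        # ImagePath first: a driver can be registered from any directory.
        $filePath = Join-Path $driverDir $name
        if ($svc -and $svc.PathName) {
            $candidate = $svc.PathName.Trim('"') `
                -replace '^\\\?\?\\', '' `
                -replace '^\\SystemRoot', $env:SystemRoot
            if (Test-Path $candidate) { $filePath = $candidate }
        }
        $onDisk = Test-Path $filePath

        $sigStatus = $null; $signer = $null
        if ($onDisk) {
            # A Valid signature with the vendor's subject is the normal case and is
            # exactly why the file is useful to an attacker: Windows will load it.
            # Any other status is a reason to look closer, not a verdict on its own.
            $sig = Get-AuthenticodeSignature -FilePath $filePath
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Driver    = $name
            Service   = if ($svc) { $svc.Name } else { $null }
            State     = if ($svc) { $svc.State } else { 'not registered' }
            StartMode = if ($svc) { $svc.StartMode } else { $null }
            OnDisk    = $onDisk
            Path      = if ($onDisk) { $filePath } else { $null }
            Signature = $sigStatus
            Signer    = $signer
        }
    }
}

function Get-VulnerableDriverBlocklistState {
    # Microsoft's vulnerable driver blocklist is enforced when HVCI (memory
    # integrity) is running; it can also be switched on directly through the
    # VulnerableDriverBlocklistEnable value under CI\Config.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # SecurityServicesRunning contains 2 when HVCI is active.
        HvciRunning         = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
        BlocklistRegistryOn = [bool]($ci -and ($ci.VulnerableDriverBlocklistEnable -eq 1))
    }
}

Get-WatchedDrivers | Format-Table -AutoSize
Get-VulnerableDriverBlocklistState
```

A driver that reports `not registered` and `OnDisk = False` is absent, which is the state the article describes for ksophon_x64.sys after the publisher's update. A driver that is still registered but whose game is no longer installed is the leftover case; remove the service rather than only deleting the file, since the service entry is what makes Windows load it at boot. Neither HVCI nor the registry switch being on means known-abused driver versions can still be loaded, so the watch-list result matters more on such hosts.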


==Further reading==
*[[Hoyoverse]]'s [[Genshin Impact|''Genshin Impact'']] has used a kernel-level anti-cheat since launch.
*Riot Games' ''Valorant'' uses an in-house kernel-level anti-cheat called [https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard Vanguard].
*Kuro Games' ''Wuthering Waves'' has used a kernel-level anti-cheat called ACE (Anti-Cheat Expert) since launch.
*Hotta Studios' ''Tower of Fantasy'' had a history of its kernel-level anti-cheat causing BSOD crashes, and the driver remained on the system even after the game was uninstalled.
*Some Windows games with kernel-level anti-cheat have prevented Linux users from launching them, even through the Wine/Proton compatibility layer, because the driver cannot be loaded there.
*Arrowhead Game Studios' ''Helldivers 2'' uses a kernel-level anti-cheat called nProtect GameGuard.


==References==