@halva i remember some github project that used mhyprot...

@halva i remember some github project that used mhyprot as a way to read/write arbitrary process memory because they had little to no protection on malicious usage
and the driver was also used by some malware
so it was a really neat little signed kernel-mode driver :)

Like 15 Nov 2023 at 9:21 | Wall-to-wall | Open on wetdry.world

5 comments

halva is

@ipg so it's either "you play on linux and can catch the banhammer" or "your computer includes a wide open backdoor on R0"

coooool :)

15 Nov 2023 at 9:26 | Open on wetdry.world

Emma

@halva the best part is - the driver even existing is a vulnerability in Windows, you didn't need the game installed!
https://www.trendmicro.com/en_se/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html

15 Nov 2023 at 9:37 | Open on wetdry.world

halva is

@ipg yep yep, saw that already

actually fucking horrible, low-key scared of installing gi now that im back on windows

15 Nov 2023 at 9:46 | Open on wetdry.world

Susanna

@halva @ipg Honestly there is no need to worry. All these "vulnerable for abuse" things are usually something that require active participation from the user to pull off. If it would be that easy to do randomly over the internet it would be a huge scandal by now.

15 Nov 2023 at 10:23 | Open on blob.cat

Emma

@halva it's not much of a risk in your use case, the only things to worry about are if the developer servers get hacked or demanded by a third party (incredibly unlikely) or if you run malware locally on your PC while the driver is installed, in which case you have worse things to worry about since Windows by default still lets you access a lot of shit (all your passwords) even when unprivileged

15 Nov 2023 at 10:24 | Open on wetdry.world

Go Up