A security-related company trend Micro reported on August 25 that the anti-cheat configuration file of the open world RPG Harajin developed and operated by HOYOVERSE has been abused by ransomware attackers.

According to the report, the trend micro analyzed a ransomware infection case in July this year. As a result, the driver MHYPROT2.Sys revealed that the endpoint protection process had been forcibly terminated through kernel mode. Ransomware is a malware that makes the file in the device cannot be used by encryption, etc., and requires money in exchange for restoration. In 2020, Capcom has been talked about ransomware damage (related article).

This MHYPROT2.sys is a device driver contained in the anti-cheat configuration file of Harajin. In the anti-cheat system of many games, including Harajin, it operates at a kernel level with powerful authority on a PC to take more effective cheat measures. The ransomware discovered this time, abusing its characteristics, stopping the protection process of the victim’s PC, stopping antivirus software, and installing ransomware.

In addition, the attacker is obtained by obtaining MHYPROT2.sys and abusing it, and if the PC is not installed on the PC, it will not be infected with this ransomware. Conversely, installing Harajin is not dangerous.

Trend Micro warns that MHYPROT2.Sys is a regular driver with code signatures, and due to its ease of obtaining and versatility, it may be abused over a long period of time. The driver could continue to investigate because it could be incorporated into all malware. On the other hand, there is no solution at this time. The company recommends corporate security officials to monitor the hash value indicating MHYPROT2.Sys. For details, please check the post on the company’s official website.