Kernel level anticheat software opens up a new attack vector for malicious actors

This is one of my favorite techniques used by threat actors.

Essentially, for those of you who aren’t familiar with the BYOVD technique, code is signed by companies when it is set to publish. This signature is proof that the company actually released the code, and generally, if the code is signed by someone you trust, it means that it doesn’t contain malware.

However, programmers are often bad about writing secure code. Security is hard, and kernel-level code is complex, so things slip through the cracks and the code becomes vulnerable to exploitation from the threat actor.

The fun part is when there is signed code that operates at the kernel level. To an OS and many security systems, signed code is good code. If a threat actor exploits signed code to arbitrarily do things like download and execute malware, or just behave maliciously, security software often throws up its hands and goes “Well, it is signed by a trusted company, it’s probably fine lol.” But because this code operates at such a privileged level, the amount of damage that can be done is devastating.

This was used in 2022 by threat actors to spread ransomware. The vulnerable kernel-level software they used was Genshin Impact’s anticheat.

Thankfully, crafting an exploit like this is pretty difficult to do, and since the signatures used for the code are revoked when malicious activity is seen, it is unlikely that you will see this specific technique used against you on your personal computer. But your IT and/or cybersecurity team might see the Helldivers anticheat used to ransom their systems sometime in the future.

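A defender-side check that follows from the comment above, added here and not part of the original post: inventory the kernel drivers currently running on a Windows host, record each one's signer and Authenticode status, and flag any whose SHA-256 appears in a blocklist of known-vulnerable drivers. The blocklist entry in `$KnownVulnerable` is a constructed placeholder; populate it from a real source such as Microsoft's vulnerable driver blocklist before relying on it.

```powershell
# Added example (not from the original comment). Requires an elevated PowerShell
# session so that driver binaries under System32\drivers can be read and hashed.
# $KnownVulnerable is a CONSTRUCTED placeholder: SHA-256 -> descriptive label.
$KnownVulnerable = @{
    '0000000000000000000000000000000000000000000000000000000000000000' = 'PLACEHOLDER-vulnerable-anticheat.sys'
}

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Win32_SystemDriver.PathName appears in several forms:
    #   \??\C:\...   \SystemRoot\System32\drivers\x.sys   System32\drivers\x.sys
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelDriverInventory {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not ($path -and (Test-Path -LiteralPath $path))) { return }
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Name      = $_.Name
            Path      = $path
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            SigStatus = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            SHA256    = $hash
            KnownBad  = $KnownVulnerable.ContainsKey($hash)
        }
    }
}

# A valid signature is not a clean bill of health (that is the whole point of BYOVD):
# report drivers on the blocklist regardless of signature, plus anything whose
# signature no longer validates, e.g. after the signing certificate was revoked.
Get-KernelDriverInventory |
    Where-Object { $_.KnownBad -or $_.SigStatus -ne 'Valid' } |
    Sort-Object KnownBad -Descending |
    Format-Table Name, Signer, SigStatus, KnownBad, Path -AutoSize
```

Run it periodically or from an EDR script task and alert on any `KnownBad` hit, since a blocklisted driver that is signed and loading cleanly is exactly what this technique looks like from the host.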
