Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus (trendmicro.com)
55 points by kg on Aug 25, 2022 | hide | past | favorite | 11 comments


For those that don't RTA: you don't need the game installed. The malware authors are making use of a signed .sys file.


Things like this shouldn't require the company to revoke the certificate. The issuing authority should nuke it. Yes, that would kill the game (and perhaps other stuff) until they fix the problem--their flaw, they have to live with the consequences. It would be an incentive to be more careful next time.


I'm honestly surprised it took this long. Beware of "anti-cheat" drivers that often poke more holes than they plug.


I wouldn't even call it "anti-cheat". It's an (online) single-player game with co-op challenges. There's no PvP, leaderboards, joint loot, nothing. "Cheating" would just involve unlocking characters or faking damage.

It's more akin to SecuROM and co. than BattlEye, in a way. (You can't OpenProcess(...) the game EXE) But either way it's completely useless and unnecessary.


In other words it is just defective by design Digital Restrictions Management.


"Running complex programs with network access with system privileges is a good idea" /s

People never learn. They don't have time for this.


> I'm honestly surprised it took this long.

It didn't take this long, though. This kind of thing happens all the time. Here it is happening to the same game back in 2020: https://github.com/Luohuayu/evil-mhyprot-cli


You need administrator privileges to load a driver anyway; you're fucked if malware has admin permissions.


I don't understand why the driver has been code signed for such a long time. AFAIK Genshin Impact receives updates at least once per month and it is an always-online game. So why don't they limit the driver's lifetime to e.g. 6 months?


Sadly, it's not even some vulnerable previous version, AFAIK the current driver is the same version. It's a mess, and I'm frankly annoyed it hasn't been blacklisted by now.


Is PunkBuster safe?