NVIDIA Certificates Are Being Used to Sign Malware and Trojans on Windows

A short while back, NVIDIA was hacked by a South American hacker group calling themselves Lapsus$. In addition to the source code for DLSS and LHR, the miscreants also leaked confidential hardware header and C++ files containing the configuration, parameters, and other firmware details of existing and future GPUs. Furthermore, the leak also includes two NVIDIA certificates used for signing the drivers and other executables distributed by the chipmaker.

A digital certificate allows developers to digitally sign executables and drivers so that Windows can verify their authenticity, thereby avoiding a tampered file from a malicious source. After Lapsus$ leaked NVIDIA’s certificate, it was quickly picked up by cyberthieves and bullies to sign malware, trojans, and backdoors which were then circulated on the internet.

Going by the samples uploaded to VirusTotal (a malware scanning service), the certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.

Although both the NVIDIA certificates are expired, Windows still allows the installation of a driver signed with them. Microsoft has issued a statement acknowledging the security issue, and it should be fixed soon.

Areej Syed

Processors, PC gaming, and the past. I have been writing about computer hardware for over seven years with more than 5000 published articles. Started off during engineering college and haven't stopped since. Mass Effect, Dragon Age, Divinity, Torment, Baldur's Gate and so much more... Contact:
Back to top button