GPUsNews

NVIDIA Certificates Are Being Used to Sign Malware and Trojans on Windows

A short while back, NVIDIA was hacked by a South American hacker group calling themselves Lapsus$. In addition to the source code for DLSS and LHR, the miscreants also leaked confidential hardware header and C++ files containing the configuration, parameters, and other firmware details of existing and future GPUs. Furthermore, the leak also includes two NVIDIA certificates used for signing the drivers and other executables distributed by the chipmaker.

A digital certificate allows developers to digitally sign executables and drivers so that Windows can verify their authenticity, thereby avoiding a tampered file from a malicious source. After Lapsus$ leaked NVIDIA’s certificate, it was quickly picked up by cyberthieves and bullies to sign malware, trojans, and backdoors which were then circulated on the internet.

Going by the samples uploaded to VirusTotal (a malware scanning service), the certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.

Although both the NVIDIA certificates are expired, Windows still allows the installation of a driver signed with them. Microsoft has issued a statement acknowledging the security issue, and it should be fixed soon.

Areej

Computer hardware enthusiast, PC gamer, and almost an engineer. Former co-founder of Techquila (2017-2019), a fairly successful tech outlet. Been working on Hardware Times since 2019, an outlet dedicated to computer hardware and its applications.
Back to top button