Skip to main content

Hackers are using stolen Nvidia certificates to hide malware

Nvidia code-signing certificates that were extracted from a recent hack of the chip maker are being used for malware purposes, according to security researchers.

Hacking group LAPSUS$ recently claimed to have stolen 1TB of data from Nvidia. Now, sensitive information has appeared online in the form of two code-signing certificates that are used by Nvidia developers to sign their drivers.

A person surrounded by several computers types on a laptop.
Digital Trends

As reported by BleepingComputer, the compromised signing certificates expired in 2014 and 2018, respectively. However, Windows still enables drivers to be authorized with these certificates. As a result, malware can be masked by them in order to appear trustworthy, subsequently paving the way for harmful drivers to be opened in a Windows PC without being detected.

Recommended Videos

Certain variations of malware that were signed with the aforementioned Nvidia certificates were discovered on VirusTotal, a malware scanning service. The samples that were uploaded found that they were being used to sign hacking tools and malware, including Cobalt Strike Beacon, Mimikatz, backdoors, and remote access trojans.

One individual was able to use one of the certificates to sign a Quasar remote access trojan. In another case, a Windows driver was signed by a certificate, which resulted in 26 security vendors flagging the file as malicious as of the time of this writing.

BleepingComputer says certain files could in all likelihood have been uploaded to VirusTotal by security researchers. There is also evidence that appears to suggest that other files that were checked by the service were uploaded by individuals and hackers who wish to spread malware; one such file was flagged as malicious by 54 security vendors.

Once a threat actor uncovers the method to integrate these stolen certificates, they can make programs that appear to be official Nvidia applications. Once opened, malicious drivers will then be loaded onto a Windows system.

David Weston, director of enterprise and OS security at Microsoft, commented on the situation on Twitter. He stated that an admin will be able to configure Windows Defender Application Control (WDAC) policies in order to manage which specific Nvidia driver can be loaded onto the system. However, as BleepingComputer points out, being familiar with implementing WDAC is not a common trait among the average Windows user.

So what does this all actually mean for Windows users? In a nutshell, those who create malware can target individuals with malicious drivers that can’t be easily detected. They typically spread such files through Google via fake driver download websites. With this in mind, don’t download any drivers from suspicious and untrustworthy websites. Instead, download them directly from Nvidia’s official website moving forward. Microsoft, meanwhile, is likely working on revoking the certificates in question.

Elsewhere, LAPSUS$ is expected to release a 250GB hardware folder it obtained from the Nvidia hack. It initially threatened to make it available last Friday should Nvidia fail to make its GPU drivers completely open-source “from now on and forever.” The group has already leaked Team Green’s proprietary DLSS code, while it also claims to have stolen the algorithm behind Nvidia’s crypto-mining limiter.

Zak Islam
Former Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers are leveraging pirated games to spread malware
A man stands in front of a gaming PC.

Pirated or cracked versions of games have long been a hotbed for malware distribution, and cybercriminals are now using CAPTCHA challenges to make their attacks even more effective.

According to a recent report by McAfee Labs, attackers are leveraging CAPTCHA to trick users into thinking that malicious websites or downloads are legitimate. Security researchers first detected the use of CAPTCHAs in malware delivery schemes last month.

Read more
Nvidia ARM laptops may be in the works, and that could change everything
Intel and Nvidia badges on the Asus ROG Zephyrus G16.

Imagine a laptop with an iteration of Nvidia’s ARM-based CPU combined with a powerful RTX graphics card, all enhanced by AI. Years ago, that would have sounded outlandish, but now it seems like it could actually happen.

In a recent interview with Bloomberg, Nvidia CEO Jensen Huang and Dell CEO Michael Dell more or less confirmed that Team Green will enter the AI-PC hype next year.

Read more
Nvidia DLSS is amazing, but only if you use it the right way
Lies of P on the KTC G42P5.

Nvidia's Deep Learning Super Sampling, or DLSS, has become a cornerstone feature of modern PC games. It started as a way to boost your performance by rendering a game at a lower resolution, but the prominence and popularity of DLSS have prompted Nvidia to add even more features under the name.

Today, DLSS incorporates several different features, all of which leverage AI to boost performance and/or image quality. It can be intimidating if you're a new RTX user, so I'm here to break down all of the increases of DLSS in 2024 and how you can best leverage it in supported games.
The many features of DLSS

Read more