Stolen NVIDIA certificates are now used to sign malware

Published: Mar 7th 2022, 07:42 GMT

NVIDIA signing certificates that expired in 2014/2018 are now used to sign malware

The first batch of files published by the extortion group included NVIDIA signing certificates that are now being used to sign malware, security researchers have discovered.

The hacking group LAPSUS$ gained access to internal NVIDIA systems two weeks ago. The group demanded a ransom in exchange for not publishing the stolen data. It was reported that as much as 200 GB of files related to hardware and 1 TB of data overall were stolen. This includes files referring to unreleased architectures such as RTX 40 “Ada” or future data-center products like Blackwell. To make matters worse, the hackers also published source code for one of NVIDIA’s biggest secrets, the DLSS AI upscaling technology.

Security researchers have discovered that the signing certificates that were also included in this first batch of files are now used by malware.

It is important to note that both leaked signing certificates are expired. However, the Windows operating system still allows drivers signed with those certificates to be loaded with the system, which poses a great security risk.

NVIDIA certificates used to sign malware, Source: Florian Roth

At this point, there is no easy way to prevent software signed with those certificates from being loaded with the operating system, other than creating Windows Defender policies manually. Microsoft should revoke those certificates in the future, but this might take time, and for some users this might be too late.
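Until a block policy or revocation is in place, an inventory of what is already on disk shows where such a policy would bite. The PowerShell script below is an added example, not code from the article or its sources: it lists binaries whose Authenticode signer names NVIDIA and whose signing certificate has expired. The scan roots, the subject pattern and the serial-number placeholder are assumptions to adjust.

```powershell
# Added example: inventory binaries signed by an expired certificate whose
# subject names NVIDIA. Defaults below are assumptions, not values from the article.
param(
    [string[]]$Roots = @("$env:SystemRoot\System32\drivers", "$env:USERPROFILE\Downloads"),
    [string]$SubjectPattern = 'NVIDIA',
    # Placeholder: replace with certificate serial numbers from a trusted advisory.
    [string[]]$KnownBadSerials = @('<SERIAL-FROM-TRUSTED-ADVISORY>')
)

$now = Get-Date
$extensions = '.sys', '.exe', '.dll'

$findings = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $extensions } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $cert = $sig.SignerCertificate

            # Skip unsigned files, other publishers, and certificates still in validity.
            if ($null -eq $cert) { return }
            if ($cert.Subject -notmatch $SubjectPattern) { return }
            if ($cert.NotAfter -ge $now) { return }

            [pscustomobject]@{
                Path        = $_.FullName
                Status      = $sig.Status
                Subject     = $cert.Subject
                Serial      = $cert.SerialNumber
                Thumbprint  = $cert.Thumbprint
                CertExpired = $cert.NotAfter
                # A signature with no timestamp countersignature cannot show
                # that it was made while the certificate was still valid.
                Timestamped = ($null -ne $sig.TimeStamperCertificate)
                KnownBad    = ($KnownBadSerials -contains $cert.SerialNumber)
            }
        }
}

# Listed serials first, then untimestamped signatures.
$findings |
    Sort-Object @{ Expression = 'KnownBad'; Descending = $true }, Timestamped, Path |
    Format-Table -AutoSize -Wrap
```

A match is a triage lead rather than a verdict: older legitimate NVIDIA binaries can carry the same signer, so compare each hit against the file's origin and the vendor's published hashes.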


Over the weekend, the same hacking group announced they had successfully infiltrated Samsung servers and immediately began sharing the files. Users should remember to download files only from known sources.

Source: BleepingComputer via TechPowerUP
