The fallout continues from the ransomware attack that targeted Nvidia, as it has been discovered that some of the company’s older GPU drivers can now conceal malware. According to TechPowerUp, stolen code-signing certificates are being used to place malware on unsuspecting PCs. This was also confirmed by @BillDemirkapi on Twitter. The code-signing certificates expired in 2014 and 2018, but that doesn’t stop Windows from recognizing these as legitimate. And this could be a massive issue for those who aren’t sure what to look out for.
BleepingComputer pointed out the kinds of malware making the rounds. These include Cobalt Strike Beacons, Mimikatz, backdoors, and Remote Access Trojans. This is clearly a problematic situation for Nvidia, and it’s unknown how much worse the situation could become in the next few weeks. But for now, it’s important that users remain vigilant for anything that seems out of the ordinary, particularly when it comes to downloading drivers for their graphics cards.
Code-signing certificates are used by developers to put a digital signature on drivers and executables. The signature is there to verify that a file is what it claims to be. If the certificate isn’t valid, Windows will let you know. This is why malicious software signed with these certificates is such a dangerous thing: Windows isn’t able to tell that the file is dangerous, and before you know it, your PC is compromised. Additionally, if users aren’t able to tell the difference between a real driver and a fake one, the malware could end up infecting a lot of unsuspecting PCs. However, there are cautionary measures users can take.
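One practical check a Windows administrator can run is to inventory the signer certificates on the binaries already present on a machine. The PowerShell below is an added example, not code from the article or from Nvidia or the researchers it cites: it walks a folder, reads each file’s Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, and reports files whose signer certificate is either already expired or whose serial number is on a blocklist. The two serial numbers in the blocklist are placeholders (the article does not reproduce them); replace them with the serials published by the researchers. Note that Windows can still report a signature as Valid when the signer certificate has expired, which is exactly why the script surfaces the serial and expiry date rather than relying on the status field alone.

```powershell
# Added example (not from the article): find signed binaries whose signer
# certificate is expired or whose serial number is on a blocklist.
# PLACEHOLDER serials below stand in for the real stolen-certificate serials,
# which this page does not include.
$BlockedSerials = @(
    'PLACEHOLDERSERIAL1',
    'PLACEHOLDERSERIAL2'
)

function ConvertTo-NormalizedSerial {
    # Strip separators and upper-case so serials compare cleanly.
    param([string]$Serial)
    return (($Serial -replace '[^0-9A-Za-z]', '')).ToUpperInvariant()
}

function Test-BlockedSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Blocklist = $BlockedSerials
    )
    $normalizedBlocklist = $Blocklist | ForEach-Object { ConvertTo-NormalizedSerial $_ }
    $now = Get-Date

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            if ($null -eq $cert) { return }   # unsigned file: nothing to compare

            $serial = ConvertTo-NormalizedSerial $cert.SerialNumber
            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status            # Valid, NotSigned, HashMismatch, ...
                Subject     = $cert.Subject
                Serial      = $serial
                NotAfter    = $cert.NotAfter
                CertExpired = ($cert.NotAfter -lt $now)
                Blocked     = ($normalizedBlocklist -contains $serial)
            }
        } |
        Where-Object { $_.Blocked -or $_.CertExpired }
}

# Usage: report suspicious signers among the installed kernel drivers.
Test-BlockedSigner -Path 'C:\Windows\System32\drivers' | Format-Table -AutoSize
```

A hit on CertExpired alone is not proof of anything malicious, since legitimately timestamped drivers routinely outlive their signing certificate; a hit on Blocked, once the placeholders are replaced with the published serials, is the signal worth escalating.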
(Image credit: BleepingComputer).
Thanks to security researchers Kevin Beaumont and Will Dormann, the serial numbers for the stolen
Read more on pcinvasion.com