The Nvidia hack has reached a new and disturbing low. After hacker group Lapsus$ made off with over a terabyte of Nvidia data, including source code for DLSS and the private information of over 70,000 current and former employees, we're now being told that hackers are using stolen security certificates to create fake GPU drivers that secretly contain malware.
TechPowerUp and BleepingComputer (via PC Gamer) report that those security certificates are being used to create "a new breed of malware," including Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs). Because this malware carries Nvidia's security certificate, it can infect your computer without triggering antivirus software.
Code-signing certificates are how Windows determines the original source and ownership of software. If a certificate indicates that code is from a trusted source, then Windows lets that code install without asking too many questions. If the certificate isn't from a trusted source, or if it's missing entirely, Windows will issue a warning message or refuse to run the code.
A security certificate from Nvidia means that hackers can create malware using Nvidia's credentials in order to bypass the usual security checks that Windows employs whenever it installs new software. This could result in a huge number of compromised computers if you download a file thinking it's from Nvidia when it's actually not.
PC Gamer said there are two serial numbers to look out for. Both are expired, but Windows will still let them through. If you're downloading any new drivers, make sure you check for these numbers first.
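One way to do that check on a Windows machine is sketched below. It is an example added here, not code from Nvidia, PC Gamer or the article: the two blocklist entries are placeholders for the published serial numbers, and the function name `Test-SignerSerial` and the Downloads folder are assumptions.

```powershell
# Added example: flag signed files whose signing certificate serial number is on
# a blocklist. The entries below are PLACEHOLDERS, not real serial numbers;
# replace them with the two serials published for the leaked certificates.
$BlockedSerials = @(
    'PLACEHOLDER_SERIAL_1',
    'PLACEHOLDER_SERIAL_2'
) | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

function Test-SignerSerial {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Blocklist = $BlockedSerials
    )
    # Read the Authenticode signature embedded in (or catalogued for) the file.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate      # $null when the file is unsigned

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status       # Valid, NotSigned, HashMismatch, ...
        Subject     = if ($cert) { $cert.Subject } else { $null }
        Serial      = if ($cert) { $cert.SerialNumber } else { $null }
        # An expired signing certificate is not proof of malware (timestamped
        # signatures legitimately outlive their certificate), but it is worth
        # a second look for a driver that claims to be newly released.
        CertExpired = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        Blocked     = [bool]($cert -and
                        ($Blocklist -contains $cert.SerialNumber.ToUpperInvariant()))
    }
}

# Assumed location of downloaded installers; change to the folder you want to check.
$Folder = Join-Path $env:USERPROFILE 'Downloads'

Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys', '.msi' } |
    ForEach-Object { Test-SignerSerial -Path $_.FullName } |
    Where-Object { $_.Blocked -or $_.CertExpired } |
    Format-Table Path, Status, Subject, Serial, CertExpired, Blocked -AutoSize
```

Any row with `Blocked` set to `True` was signed with one of the listed certificates and should not be installed, whatever `Status` reports.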
This only really matters
Read more on thegamer.com