Because of leaked data linked to an Nvidia hack by a group calling itself Lapsus$, stolen code-signing certificates are being used to gain remote access to unsuspecting machines, and otherwise deploy malicious software.
According to TechPowerUp, the certificates are being used to "develop a new breed of malware," and BleepingComputer lists Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs) among the malware being deployed this way.
If you're not aware, a code-signing certificate is something developers use to sign executable files and drivers before releasing them to the public. It gives Windows and prospective users a more secure way to verify who produced the original file. Microsoft requires kernel-mode drivers to be code signed; otherwise the OS refuses to load them.
If some hooligan signs malware with a genuine Nvidia certificate, your PC may not catch the malware before it unpacks and wreaks havoc on your system.
The recent digital siege of Nvidia saw Lapsus$ demanding the company release a hashrate limiter bypass, a demand that was not met. The fallout resulted in not only code-signing certificates being leaked, but also 71,000 employee credentials, Nvidia's DLSS source code, and perhaps even some next-gen GeForce GPU names.
As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd (March 3, 2022)
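The explanation of code signing above and the tweet's point that Windows still honours signatures from expired certificates suggest a simple defensive check. The following PowerShell is an added example, not code from the article or from Nvidia: it inventories the Authenticode signatures of installed driver files and flags signatures whose signer certificate has expired or whose thumbprint is on a blocklist. The thumbprints in the blocklist are placeholders, since the article does not publish the compromised certificates' identifiers.

```powershell
# Added example: audit driver signatures for expired or blocklisted signer
# certificates. The thumbprints below are PLACEHOLDERS, not real values.
$BlockedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_1',
    'PLACEHOLDER_THUMBPRINT_2'
)

function Get-DriverSignatureReport {
    param(
        [string]$DriverDir = "$env:SystemRoot\System32\drivers",
        [string[]]$Blocklist = $BlockedThumbprints
    )
    Get-ChildItem -Path $DriverDir -Filter *.sys -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                Path        = $_.FullName
                Status      = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer      = if ($cert) { $cert.Subject } else { $null }
                NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
                # Windows still accepts signatures made with certificates that have
                # since expired, so report expiry explicitly instead of trusting Status.
                ExpiredCert = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
                Timestamped = [bool]$sig.TimeStamperCertificate
                Blocklisted = [bool]($cert -and ($Blocklist -contains $cert.Thumbprint))
            }
        }
}

# Show only the entries that deserve a second look.
Get-DriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' -or $_.ExpiredCert -or $_.Blocklisted } |
    Sort-Object Blocklisted, ExpiredCert -Descending |
    Format-Table Path, Status, Signer, NotAfter, ExpiredCert, Blocklisted -AutoSize
```

ExpiredCert on its own is noisy, because many legitimate older drivers were signed with certificates that have since expired; the Blocklisted column is the actionable one once real thumbprints are filled in.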
Read more on pcgamer.com