Yep, it was too good to be true. A software tool claiming it can remove the Ethereum mining limiter on Nvidia’s RTX 3000 graphics cards is actually capable of delivering malware.
The tool’s creator, a mysterious developer known as “Sergey,” released a beta of the “LHR Unlocker” program this morning on his GitHub page, a few days ahead of a promised Saturday launch. However, a component inside the installer can fetch an Nvidia GeForce driver file that 18 different antivirus scans will detect as malware.
The malicious nature of LHR Unlocker was noticed by a Russian data scientist named Mikhail Stepanov, who posted an antivirus scan of the driver file on Sergey’s own GitHub page.
Stepanov, who mines cryptocurrency at his home, said he unpacked the installer and launched it on a virtual machine, but found no evidence it’ll unlock the Ethereum mining limiter on Nvidia’s RTX 3000 GPUs. Instead, the installer can fetch a malicious driver file from a server under the domain “drivers.sergeydev[.]com.”
“This is a common Trojan,” Stepanov told PCMag in a chat on Telegram. “Most likely they wanted to build a botnet.”
PCMag also unpacked the LHR Unlocker installer and found that a component inside called “AI_FileDownload” does indeed contact the domain “drivers.sergeydev[.]com” to fetch the malicious Nvidia driver file. Antivirus scans from Kaspersky, McAfee, Avast, Symantec, and Microsoft all detect it as a malicious file or as a Trojan. There is a chance the antivirus scans flagged the Nvidia driver file incorrectly, but in its current state, the beta LHR Unlocker program doesn’t work.
So far, Sergey hasn’t commented on the malware allegations. His background is unclear, but a domain lookup shows sergeydev[.]com is registered