Malware authors are using stolen Nvidia certificates to make their software seem trustworthy
Nvidia's cyber-attack is getting more damaging by the day
Published: 7th March 2022 | Source: Bleeping Computer
Old Nvidia software signing certificates are now being used to sign malware
Last month, Nvidia was attacked by LAPSUS$, a hacking group that stole more than 1TB of data from the company. The attackers gave Nvidia a set of demands, stating that they would not release the company's data if Nvidia complied. Nvidia has not met these demands, and as a result a lot of its stolen data has been leaked online. This data includes Nvidia's DLSS source code and a set of expired software signing certificates.
Bleeping Computer has reported that malware authors are using Nvidia's software signing certificates to make their malicious software appear trustworthy. While Nvidia's stolen software signing certificates are expired, Windows PCs can still see signed software as legitimate. This presents a major security risk to PC users.
Code signing certificates allow developers to sign their executables and drivers so that Windows and Windows users can verify who created their software. This helps to ensure that software has not been tampered with by third parties. Nvidia's stolen software signing certificates will allow malware to appear as if it is legitimate Nvidia software, at least until Microsoft revokes these certificates and updates its operating systems to not load software that is signed by these certificates.
Nvidia's driver signing code has reportedly been used to sign a Quasar remote access trojan, and other malware and hacking tools. Let's hope that Nvidia and Microsoft act quickly to limit the impact of this dangerous breach.
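As an added example (not from Bleeping Computer, Nvidia or Microsoft), the PowerShell audit below lists files under a directory whose Authenticode signer matches a subject filter and whose signing certificate is either on a watch list or expired with no timestamp countersignature. The scan root, the subject filter and the watch-list entry are assumptions; the serial number is a placeholder to be filled from a trusted advisory, since the article does not list any.

```powershell
# Added example: audit Authenticode signers for expired or watch-listed certificates.
param(
    [string]$Root = 'C:\Windows\System32\drivers',    # assumed scan root
    [string]$SubjectMatch = 'NVIDIA',                  # assumed subject filter (regex)
    # Placeholder watch list: replace with serial numbers from a trusted advisory.
    [string[]]$WatchSerials = @('<SERIAL-FROM-ADVISORY>')
)

$now = Get-Date

Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        # Unsigned files and other publishers are out of scope for this audit.
        if ($null -eq $cert) { return }
        if ($cert.Subject -notmatch $SubjectMatch) { return }

        [pscustomobject]@{
            Path        = $_.FullName
            Status      = $sig.Status                  # Valid, NotTrusted, HashMismatch, ...
            Subject     = $cert.Subject
            Serial      = $cert.SerialNumber
            NotAfter    = $cert.NotAfter
            CertExpired = $cert.NotAfter -lt $now
            # A timestamp countersignature is what ties a signature to a date
            # before the certificate expired; without one, that cannot be shown.
            Timestamped = $null -ne $sig.TimeStamperCertificate
            OnWatchList = $WatchSerials -contains $cert.SerialNumber
        }
    } |
    # Report watch-listed signers, plus expired signers with no timestamp.
    Where-Object { $_.OnWatchList -or ($_.CertExpired -and -not $_.Timestamped) } |
    Sort-Object Path |
    Format-Table -AutoSize -Wrap
```

A file reported here is a lead for review rather than a verdict: compare its hash and origin against the vendor's official driver packages before acting on it.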