Digital certificates stolen from NVIDIA during a recent network security breach are currently being used in suspicious software payloads and malware to trick users’ computers into treating them as trustworthy software. Multiple security researchers have reported that they’ve amassed collections of suspicious software samples that use at least two of NVIDIA’s now-stolen digital certificates.
The certificates appear to be part of a data payload that was recently released by a group of criminal hackers affiliated with the Lapsus$ ransomware crew. The group claimed that it had breached NVIDIA’s network security and stolen an extensive cache of sensitive internal data. Included in this data are the stolen digital certificates.
While one of the stolen certificates has been found to date back to 2014, Windows systems still recognize it as a valid, trusted certificate. This means that hackers can now develop and release malware payloads and sign them with the stolen certificates so that they appear to come directly from NVIDIA.
NVIDIA has yet to respond to requests for comment concerning the leak of the certificates. However, the GPU giant maintains that the network breach didn’t result in any significant disruption to its day-to-day operations, and it doesn’t expect this to change. In a statement earlier this week, NVIDIA said the following: ‘Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.’
Researchers have, in the meantime, posted YARA rules that can detect and block malicious downloads and suspected malware. However, many end-users could still inadvertently install malware that they believe to be NVIDIA graphics card firmware, driver, and software updates.
The breach was apparently an attempt to force NVIDIA to remove the Lite Hash Rate restrictions that make it impossible for its GPUs to perform the calculations needed to mine cryptocurrency.