Leaked stolen Nvidia key can sign Windows malware

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.
At least two binaries that were not developed by Nvidia but were signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in the malware sample database VirusTotal.
Microsoft's Windows driver signing policy corroborates this, stating the operating system will run drivers "Signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA". The leaked Nvidia certificate is just such a creature, having expired in 2014.
Another Nvidia cert was also leaked, though it expired after the cut-off date.
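One way to audit a Windows host for drivers whose signatures depend on the exception quoted above, as an added example that is not from the article, Nvidia or Microsoft. The scan directory and the subject filter are assumptions, and the check is a heuristic: it does not verify that the chain ends in a cross-signed CA.

```powershell
# Added example: list kernel drivers signed with a certificate that was issued
# before the policy cut-off and has since expired (legacy-exception candidates).
$Cutoff      = [datetime]'2015-07-29'                          # cut-off date from the policy text
$DriverDir   = Join-Path $env:SystemRoot 'System32\drivers'    # assumed scan root
$SubjectLike = '*NVIDIA*'                                      # assumed filter; use '*' for every publisher

$findings = Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }                        # no signer certificate found, skip

        $issuedBeforeCutoff = $cert.NotBefore -lt $Cutoff
        $expired            = $cert.NotAfter  -lt (Get-Date)

        if ($issuedBeforeCutoff -and $expired -and $cert.Subject -like $SubjectLike) {
            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Subject     = $cert.Subject
                Serial      = $cert.SerialNumber
                Thumbprint  = $cert.Thumbprint
                NotBefore   = $cert.NotBefore
                NotAfter    = $cert.NotAfter
                Timestamped = [bool]$sig.TimeStamperCertificate # countersignature present or not
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

# Oldest expiry first; keep the full objects in $findings for export or triage.
$findings | Sort-Object NotAfter |
    Format-Table File, Subject, Serial, NotAfter, Timestamped -AutoSize
```

Compare the Serial and Thumbprint columns against the values published for the leaked certificate; this page does not list them.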
Lapsus$, according to the group's Telegram page, are threatening Nvidia with the public release of more internal materials and details of chip blueprints unless the company promises to remove LHR. It seems wholly implausible that Nvidia would give in to such blackmail.
In a statement Nvidia previously said: "We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information." It is maintaining an incident response page here.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/