Security News > 2022 > March > Leaked stolen Nvidia key can sign Windows malware

Leaked stolen Nvidia key can sign Windows malware
2022-03-05 04:09

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.

At least two binaries not developed by Nvidia, but signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in malware sample database VirusTotal.

Microsoft's Windows driver signing policy corroborates this, stating the operating system will run drivers "Signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA". The leaked Nvidia certificate is just such a creature, having expired in 2014.

Another Nvidia cert was leaked though expired after the cut-off date.

Lapsus$, according to the group's Telegram page, are threatening Nvidia with the public release of more internal materials and details of chip blueprints unless the company promises to remove LHR. It seems wholly implausible that Nvidia would give in to such blackmail.

In a statement Nvidia previously said: "We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information." It is maintaining an incident response page here.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 239 12 178 319 15 524