Leaked stolen Nvidia key can sign Windows malware
An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.
At least two binaries that were not developed by Nvidia, but were signed this week with its stolen cert so that they appear to be Nvidia programs, have appeared in the malware sample database VirusTotal.
Microsoft's Windows driver signing policy corroborates this, stating the operating system will run drivers "Signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA". The leaked Nvidia certificate is just such a creature, having expired in 2014.
Another Nvidia cert was also leaked, though it expired after the cut-off date.
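For defenders, the policy exception quoted above can be turned into an audit of installed drivers. The following is an added example, not code from the article or from Microsoft: it lists driver files whose signing certificate was issued before July 29th 2015. The function name `Get-LegacySignedDriver` and the thumbprint placeholder are assumptions (the page gives no thumbprint), and the script does not verify that the chain ends at a cross-signed CA.

```powershell
# Added example: audit .sys files for signatures that fall under the
# "issued prior to July 29th 2015" exception in the driver signing policy.
$Cutoff = [datetime]'2015-07-29'

# Placeholder only: the page does not give the leaked certificate's thumbprint.
# Fill this in from a trusted advisory before relying on the OnWatchlist column.
$WatchedThumbprints = @('<THUMBPRINT-OF-LEAKED-CERT>')

function Get-LegacySignedDriver {
    param(
        # Directory to scan; defaults to the system driver store location.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    Get-ChildItem -Path $Path -Filter *.sys -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            # No signer certificate: nothing to evaluate for this file.
            if ($null -eq $cert) { return }

            # Only certificates issued before the cut-off fall under the exception.
            if ($cert.NotBefore -ge $Cutoff) { return }

            [pscustomobject]@{
                File        = $_.FullName
                Subject     = $cert.Subject
                Thumbprint  = $cert.Thumbprint
                Issued      = $cert.NotBefore
                Expires     = $cert.NotAfter
                CertExpired = $cert.NotAfter -lt (Get-Date)
                # False means no countersignature attests when the file was signed.
                Timestamped = $null -ne $sig.TimeStamperCertificate
                Status      = $sig.Status
                OnWatchlist = $WatchedThumbprints -contains $cert.Thumbprint
            }
        }
}

# Untimestamped signatures sort first, then watchlist matches.
Get-LegacySignedDriver |
    Sort-Object Timestamped, @{ Expression = 'OnWatchlist'; Descending = $true } |
    Format-Table File, Subject, Issued, Expires, CertExpired, Timestamped, OnWatchlist -AutoSize
```

Rows where `CertExpired` is true and `Timestamped` is false deserve the closest look, since nothing in the signature establishes that the file was signed while the certificate was still valid.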
Lapsus$, according to the group's Telegram page, are threatening Nvidia with the public release of more internal materials and details of chip blueprints unless the company promises to remove LHR. It seems wholly implausible that Nvidia would give in to such blackmail.
In a statement Nvidia previously said: "We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information." It is maintaining an incident response page.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/