Leaked stolen Nvidia key can sign Windows malware
2022-03-05 04:09

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.

At least two binaries not developed by Nvidia, but signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in malware sample database VirusTotal.

Microsoft's Windows driver signing policy corroborates this, stating the operating system will run drivers "Signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA". The leaked Nvidia certificate is just such a creature, having expired in 2014.

Another Nvidia cert was also leaked, though it expired after the cut-off date.
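
For defenders, one way to find drivers on a host that fall into the category the quoted policy text describes, as an added example that is not from the article, Nvidia or Microsoft: this PowerShell lists driver files whose signer certificate was issued before 29 July 2015 and has since expired. The scan directory and the output field names are assumptions, and the script does not decide whether a chain ends at a supported cross-signed CA; it prints the chain root so that can be reviewed by hand.

```powershell
# Added example: list drivers whose signer certificate was issued before the
# cut-off in the quoted policy text and is now expired.
# Assumptions: the scan directory and the output field names are illustrative.
$Cutoff    = [datetime]'2015-07-29'                          # date from the policy text
$Now       = Get-Date
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'    # assumed scan location

$findings = Get-ChildItem -Path $DriverDir -Filter *.sys -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if (-not $cert) { return }                           # no signer found: skip this file

        # Keep only certificates issued before the cut-off that have expired.
        if ($cert.NotBefore -ge $Cutoff -or $cert.NotAfter -ge $Now) { return }

        # Build the chain offline (no revocation lookups) to show where it ends.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($cert)
        $root = $chain.ChainElements | Select-Object -Last 1

        [pscustomobject]@{
            File        = $_.FullName
            Status      = $sig.Status                        # Authenticode verification result
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint                   # compare with vendor-published values
            NotBefore   = $cert.NotBefore
            NotAfter    = $cert.NotAfter
            Timestamped = [bool]$sig.TimeStamperCertificate  # countersignature present?
            ChainRoot   = $root.Certificate.Subject          # for manual cross-signed CA review
        }
    }

# Oldest expiry first; group by Subject to see which publishers are affected.
$findings | Sort-Object NotAfter | Format-Table -AutoSize -Wrap
$findings | Group-Object Subject | Select-Object Count, Name
```

An entry in the output is not an indicator of compromise by itself, since legitimately old drivers match too; it is a shortlist to compare against the thumbprints or serial numbers a vendor publishes for a leaked certificate.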

Lapsus$, according to the group's Telegram page, are threatening Nvidia with the public release of more internal materials and details of chip blueprints unless the company promises to remove LHR. It seems wholly implausible that Nvidia would give in to such blackmail.

In a statement Nvidia previously said: "We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information." It is maintaining an incident response page.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/05/nvidia_stolen_certificate/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 278 80 208 223 16 527