Nvidia’s Stolen Code-Signing Certs Used to Sign Malware
2022-03-07 17:46

Two of Nvidia's code-signing certificates were among the data taken in the Feb. 23 Lapsus$ Group ransomware attack the company suffered, and those certificates are now being used to sign malware so that malicious programs can slide past security safeguards on Windows machines.

Security researchers noted last week that binaries that hadn't been developed by Nvidia, but which had been signed with its stolen certificate to pass as legitimate Nvidia programs, had appeared in the malware sample database VirusTotal.

Last Tuesday, March 1, Lapsus$ demanded that Nvidia open-source its drivers, lest Lapsus$ do it itself.

Last Wednesday, March 2, the compromised-email notice site Have I Been Pwned put up an alert regarding 71,335 Nvidia employees' emails and NTLM password hashes having been leaked on Feb. 23, "Many of which were subsequently cracked and circulated within the hacking community."

Lapsus$ released a portion of the highly confidential stolen data, including source code, GPU drivers and documentation on Nvidia's fast logic controller product, also known as Falcon and Lite Hash Rate, or LHR GPU. Lapsus$ demanded $1 million and a percentage of an unspecified fee from Nvidia for the Lite Hash Rate bypass.

Both of the stolen Nvidia code-signing certificates are expired, but they're still recognized by Windows, which allows a driver signed with the certificates to be loaded in the operating system, Bleeping Computer noted.


News URL

https://threatpost.com/nvidias-stolen-code-signing-certs-sign-malware/178784/