Hackers Are Making Fake GPU Drivers Using Nvidia’s Stolen Data

The Nvidia hack has reached a new and disturbing low. After hacker group Lapsus made off with over a terabyte of Nvidia data, including source code for DLSS and the private information of over 70,000 current and former employees, now we’re being told that hackers are using stolen security certificates to create fake GPU drivers that secretly contain malware.

Techpowerup and BleepingComputer (via PC Gamer) reports those security certificates are being used to create "a new breed of malware," including Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs). Because this malware contains Nvidia's security certificate, they can infect your computer without triggering antivirus software.

Code-signing certificates are how Windows determines the original source and ownership of software. If a certificate indicates that code is from a trusted source, then Windows lets that code install without asking too many questions. If that certificate isn't from a trusted source or if it's not there at all, Windows will issue a warning message or not let that code run at all.

A security certificate from Nvidia means that hackers can create malware using Nvidia's credentials in order to bypass the usual security checks that Windows employs whenever it installs new software. This could result in a huge number of compromised computers if you download a file thinking it's from Nvidia when it's actually not.

PC Gamer said there are two serial numbers to look out for. Both are expired, but Windows will still let them through. If you're downloading any new drivers, make sure you check for these numbers first.

  • 43BB437D609866286DD839E1D00309F5
  • 14781bc862e8dc503a559346f5dcc518

This only really matters if you're manually downloading new Nvidia drivers. Drivers that automatically download through Nvidia Experience should be safe.

Lapsus is on a rampage. Not only have they hacked Nvidia, but they've also stolen almost 200GB of data from Samsung, including source code and biometric data. Some of that data also includes Samsung's Trusted Applets code, so Samsung devices might have to worry about similar malware infecting their phones too.

Source: Read Full Article