After criminals captured a wealth of data from Nvidia, stolen certificates are now being used to disguise malware.
Late last month it became known that the hacker collective Lapsus$ had broken into Nvidia. Exactly what was taken was not clear, but the hackers claimed to possess data on tens of thousands of employees, as well as data on new GPUs. Lapsus$ also made off with certificates that Nvidia uses to sign its legitimate software.
Two malware samples carrying rogue code signed with the stolen certificates have already appeared in the VirusTotal malware database. As a result, the malware looks like a legitimate program originating from Nvidia. The certificates in question have since expired, but for now Windows still accepts drivers signed with them.
Compatibility problem vs. malware
Windows intentionally turns a blind eye to expired certificates in the case of drivers: the operating system does this to avoid compatibility problems with old software. Microsoft is looking into how to fix the issue.
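For administrators who want to know whether this behaviour affects their own machines, the following PowerShell triage script is an added example, not part of the article and not an Nvidia or Microsoft tool. It walks the driver directory and flags drivers whose Authenticode signer certificate has expired, lacks a countersignature timestamp, or matches a list of compromised certificate thumbprints. The thumbprint values and the driver path are placeholders you supply yourself; the script only reports and changes nothing.

```powershell
# Added example (not from the article): list kernel drivers whose signer
# certificate has expired, is untimestamped, or is on a list of compromised
# certificates. Thumbprints below are PLACEHOLDERS to be replaced with values
# from your own threat-intelligence source.
$LeakedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_1',
    'PLACEHOLDER_THUMBPRINT_2'
)

# Directory assumed to hold the drivers to audit (adjust as needed)
$DriverPath = 'C:\Windows\System32\drivers'

function Test-DriverSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    if (-not $cert) {
        return [pscustomobject]@{
            File = $Path; Finding = 'unsigned'; Status = $sig.Status
            Signer = $null; NotAfter = $null
        }
    }

    $findings = @()
    # Expired signer: this is exactly the case Windows still tolerates for drivers
    if ($cert.NotAfter -lt (Get-Date))                 { $findings += 'signer-cert-expired' }
    # Known-compromised certificate, regardless of expiry (case-insensitive match)
    if ($LeakedThumbprints -contains $cert.Thumbprint) { $findings += 'known-compromised-cert' }
    # No countersignature: expiry cannot be judged against a trusted signing time
    if (-not $sig.TimeStamperCertificate)              { $findings += 'no-timestamp' }

    [pscustomobject]@{
        File     = $Path
        Finding  = if ($findings) { $findings -join ',' } else { 'ok' }
        Status   = $sig.Status
        Signer   = $cert.Subject
        NotAfter = $cert.NotAfter
    }
}

Get-ChildItem -Path $DriverPath -Filter *.sys -File |
    ForEach-Object { Test-DriverSignature -Path $_.FullName } |
    Where-Object { $_.Finding -ne 'ok' } |
    Sort-Object Finding |
    Format-Table -AutoSize
```

An expired signer on its own is normal for older, timestamped drivers and is precisely what the compatibility behaviour described above is meant to keep working; the findings worth following up are a match against a compromised thumbprint, or an expired certificate with no timestamp, where the signing time cannot be verified at all.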
Nvidia initially tried to hack Lapsus$ itself and encrypt the stolen data. It succeeded, but Lapsus$ had backups. More and more of that data is now appearing online. The hackers’ demands include a ransom and new GPU drivers that no longer block cryptomining. Nvidia does not appear to have any intention of responding to the demands. Meanwhile, it seems that Lapsus$ also stole data from Samsung in a new hack.