
Nvidia's hacked data is being actively used to disguise malware as legit files

posted on March 9, 2022
by l33tdawg
Credit: Android Police

In late February, the cyber gang calling itself Lapsus$ broke into Nvidia's internal network and managed to steal a lot of sensitive data, from hashed login credentials to critical trade secrets behind the company's chips. The hackers demanded that Nvidia remove the lock on its newer GPUs that automatically slowed them down when mining cryptocurrency, and gave the company until March 4 to comply — or Lapsus$ would release those trade secrets. The cybercriminals have started making good on their threats, and now the fallout from their data dump threatens to help malware avoid detection.

The stolen info included some of the cryptographic certificates Nvidia uses so users can verify that drivers and executable files for their GPUs are authentic. As Bleeping Computer points out, hackers are now using those pilfered certificates to mask a variety of malware. This means cyberattackers can make malicious programs appear like legit Nvidia software — and even though these are older, expired certificates, Windows will still load drivers signed with them.

Multiple types of malware have already been spotted masking themselves with these seemingly valid certificates, including a remote access trojan (RAT) called Quasar. Stratosphere Labs analyzed Quasar in 2019 and found — without naming a culprit — that it had been used in past cyberattacks against Ukraine. While Microsoft VP for OS Security and Enterprise David Weston tweeted that IT admins can configure defenses against the disguised malware, average users may need to be on their guard.
