Malware uses stolen NVIDIA certificates, disguised as GPU drivers to attack users

Tram Ho

Not long ago, NVIDIA suffered a data breach in which quite a bit of data was stolen, including important code signing certificates. According to BleepingComputer, the bad guys are using NVIDIA’s certificates to sign malicious code so that it appears trusted, and to trick users into downloading malicious NVIDIA GPU drivers onto Windows computers.


BleepingComputer claims that Cobalt Strike, Mimikatz, backdoor software and remote access trojans (RATs) are being distributed through rogue GPU drivers with malware hidden inside them.

A digital certificate is basically something that developers use to verify files, such as updates. This is to help computer platforms like Windows or macOS recognize that these files are legitimate because they have been certified by the company that created them.

Two digital certificates were compromised. Although they have expired, Windows still allows them to be used to validate drivers.

Think of it like your signature at a bank: a stolen certificate is like someone forging your signature and claiming to be you, which the bank might not recognize as a forgery, allowing them to withdraw money from your account.

So what can users do? Basically, if you have to download GPU drivers, make sure you get them from the company’s own sources, rather than third-party sites. Also, most GPUs come with their own software, and you can use NVIDIA’s Control Panel software if you need to search for GPU driver updates.
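For readers who want to check a driver they have already downloaded, the following PowerShell sketch reads the file's Authenticode signature and flags signers that are expired or on a blocklist. It is an added example, not part of the original article: the function name `Test-DriverSignature` is hypothetical, the serial numbers are placeholders to be filled in from a trusted advisory, and the Downloads folder is an assumed location. An expired signer alone only earns a "Review" verdict, because older legitimate drivers can carry expired certificates too.

```powershell
# Added example: inspect who signed a downloaded driver and whether that
# certificate is expired or on a list of compromised certificates.
# The serial numbers below are placeholders, not real values.
$BlockedSerials = @('<SERIAL-OF-COMPROMISED-CERT-1>', '<SERIAL-OF-COMPROMISED-CERT-2>')

function Test-DriverSignature {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Blocked = $BlockedSerials
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # No signer certificate at all: the file is unsigned.
    if ($null -eq $cert) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Unsigned'; Signer = $null; Expires = $null }
    }

    $expired     = $cert.NotAfter -lt (Get-Date)
    $timestamped = $null -ne $sig.TimeStamperCertificate

    # Blocklist first: a stolen certificate can still yield a "Valid" status.
    $verdict = if ($Blocked -contains $cert.SerialNumber) {
        'Blocked: signer is on the compromised list'
    } elseif ($sig.Status -ne 'Valid') {
        "Rejected: signature status is $($sig.Status)"
    } elseif ($expired -and -not $timestamped) {
        'Suspicious: expired signer and no timestamp'
    } elseif ($expired) {
        'Review: signer certificate has expired'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Path    = $Path
        Verdict = $verdict
        Signer  = $cert.Subject
        Expires = $cert.NotAfter
    }
}

# Assumed location: scan executables and drivers in the user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Include *.exe, *.sys -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DriverSignature -Path $_.FullName } |
    Format-Table -AutoSize
```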

Reference: Ubergizmodo


Source : Genk