It is true that the hacking of NVIDIA servers gave us juicy information about the future products of the company headed by Jensen Huang. However, it was a criminal act, and the true intentions behind the leak and its consequences soon became apparent. One of those consequences is malware signed with NVIDIA certificates.
One of the most intrusive ways for malware to get onto our computers is through drivers. That is why drivers must be officially certified by their manufacturers, and for this purpose Microsoft, in the case of Windows, provides them with a series of tools for producing drivers that carry an official signature. Well, it turns out that with the NVIDIA hack and the subsequent leaks, anyone can now disguise a program with malicious intent behind an NVIDIA certificate.
Malware impersonating an NVIDIA certificate
As part of #NvidiaLeaks, two code-signing certificates were compromised. Although they have expired, Windows still allows their use for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd
- Bill Demirkapi (@BillDemirkapi), March 3, 2022
Among the code stolen from the veteran green graphics-card brand over the past week were the tools used to sign drivers, which make malware look safe on people's PCs. The tools generate signatures dated between 2014 and 2018, but today that is still more than enough for Redmond's operating system to consider the signed file a trusted source.
So you will have to be careful with NVIDIA certificates because of the malware that may be hiding behind them; these files were obviously not created by Jensen Huang's company. One such piece of malware is a variant of Quasar RAT, a Trojan that gives anyone, connecting from anywhere, full remote access to your PC. The consequences are clear: if attackers manage to trick a user into installing malware signed with these certificates, they will be able to steal that user's private data through those applications.
So be careful: make sure of the source these certificates come from, and do not trust any that appear now yet are dated four years ago or earlier. In any case, to avoid the problem, we recommend installing only drivers that come directly from NVIDIA and rejecting drivers from third-party sources.
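One way to put this advice into practice on an administrator's side is to inventory the kernel drivers on a machine and flag any whose Authenticode signer is an NVIDIA certificate that has already expired, so they can be reviewed against the identifiers published for the compromised certificates. This is an added example, not code from the article or from NVIDIA; it assumes an elevated PowerShell session on Windows, and the $KnownLeakedSerials list is a placeholder to be filled from a trusted advisory, since the article names no serial numbers. Drivers that went through WHQL normally carry a Microsoft signer and so will not match the NVIDIA filter.

```powershell
# Added example (not from the article): list kernel drivers signed directly with an
# NVIDIA certificate that has expired, plus any whose serial matches a known leaked
# certificate. Assumes an elevated session on Windows.
$KnownLeakedSerials = @()   # PLACEHOLDER: fill from a trusted advisory, e.g. 'ABCD1234...'
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'
$Now = Get-Date

$Findings = foreach ($File in Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue) {
    $Sig  = Get-AuthenticodeSignature -FilePath $File.FullName
    $Cert = $Sig.SignerCertificate
    if ($null -eq $Cert) { continue }                 # unsigned file: not the case discussed here
    if ($Cert.Subject -notmatch 'NVIDIA') { continue } # only drivers signed with an NVIDIA cert

    $Expired = $Cert.NotAfter -lt $Now
    $Leaked  = $KnownLeakedSerials -contains $Cert.SerialNumber

    if ($Expired -or $Leaked) {
        [pscustomobject]@{
            Driver        = $File.FullName
            Status        = $Sig.Status              # Valid, HashMismatch, NotTrusted, ...
            Signer        = $Cert.Subject
            Serial        = $Cert.SerialNumber
            CertNotAfter  = $Cert.NotAfter
            CertExpired   = $Expired
            # A timestamp countersignature is the normal way a signature stays valid
            # after the certificate expires; its absence on an expired cert deserves a look.
            TimeStamped   = ($null -ne $Sig.TimeStamperCertificate)
            MatchesLeaked = $Leaked
        }
    }
}

$Findings | Sort-Object MatchesLeaked, CertExpired -Descending | Format-Table -AutoSize
```

Hits are candidates for review, not verdicts: a legitimately timestamped signature from before the certificate's expiry is expected, whereas a match on a known leaked serial should be treated as untrusted regardless of what Windows reports.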
Why is this an act against our privacy?
The LAPSUS$ group already showed its true criminal face a few days ago, and now it has gone after not only NVIDIA but also Samsung. Many will read this as a coincidence, but given the political relations of some Latin American countries with Russia and the current conflict in Ukraine, one can guess. They specifically attacked companies in the American orbit using extortion methods.
In any case, and to answer the question in this section's title, we must consider how a driver works: it is an application with privilege levels on the system far higher than normal. Drivers run in a more privileged ring of the operating system, which means they have access to parts of system memory that an ordinary application cannot touch, and they are therefore far more harmful because they run in the operating system's environment rather than in the applications' environment.