
Watch out! Hackers pass off malware as an NVIDIA driver

It is true that the hack of NVIDIA's servers has given us juicy information about future products from the company led by Jensen Huang. However, it is a criminal act, and the true intentions and consequences of the leak have not taken long to appear. One of those consequences is malware carrying NVIDIA certificates.

One of the most intrusive ways malicious software can sneak onto our computers is through drivers. That is why drivers must be officially certified by their manufacturers, and for this purpose Microsoft, in the case of Windows, provides manufacturers with a set of tools for creating drivers with an official signature. With the hack and leak at NVIDIA, it has been discovered that anyone can disguise malicious programs behind NVIDIA certificates.

Malware that masquerades as an NVIDIA certificate

The code stolen over the past week from the veteran green graphics card brand included tools for signing drivers, which make malware appear trustworthy on people’s PCs. The tools generate signatures dated between 2014 and 2018, but even today that is more than enough for Microsoft's operating system to consider them a reliable source.

So you will have to be careful with NVIDIA certificates because of the malware they could come with. These have obviously not been created by Jensen Huang’s company. One such piece of malware is a variant of Quasar RAT, a Trojan that gives full remote access to your PC to anyone, connected from anywhere. The consequences are clear: if attackers manage to get a user to install these certificates with malware, they will be able to steal users’ private data through these applications.

So be careful: check the source these certificates come from, and do not trust any that appear now with a date four years ago or earlier. In any case, as a precaution, we recommend installing only drivers that come directly from NVIDIA, to keep your system healthy, and rejecting drivers that come from third-party sources.
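One way to carry out that check on a Windows PC, as an added example that is not part of the original article or any NVIDIA or Microsoft tool: it lists files whose Authenticode signer names NVIDIA and whose signing certificate has already expired. The default folder and the `*NVIDIA*` subject pattern are assumptions; point `-Path` at a downloads folder to check an installer before running it.

```powershell
# Added example (not from the article): triage NVIDIA-signed files whose
# signing certificate has already expired.
param(
    # Assumed default: the folder where Windows keeps installed kernel drivers.
    [string]$Path = "$env:SystemRoot\System32\drivers",
    # Assumed pattern: matched against the signer certificate's subject name.
    [string]$SignerPattern = '*NVIDIA*'
)

$now = Get-Date

Get-ChildItem -Path $Path -Recurse -Include *.sys, *.dll, *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # Unsigned files have no signer certificate; they are outside this check.
        if ($null -eq $cert) { return }
        # Keep only files that claim NVIDIA as the signer.
        if ($cert.Subject -notlike $SignerPattern) { return }
        # Keep only files whose signing certificate is past its validity period.
        if ($cert.NotAfter -ge $now) { return }

        [pscustomobject]@{
            File          = $_.FullName
            Status        = $sig.Status
            Subject       = $cert.Subject
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            Thumbprint    = $cert.Thumbprint
            # Without a timestamp there is no countersigned proof of when the file was signed.
            Timestamped   = ($null -ne $sig.TimeStamperCertificate)
            # A recently written file under a long-expired certificate deserves a closer look.
            LastWriteTime = $_.LastWriteTime
        }
    } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize -Wrap
```

Older genuine NVIDIA drivers signed while their certificate was still valid will also appear, so treat the output as a list to review rather than a verdict. Compare anything unexpected against the files delivered by NVIDIA's official installer.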

Why is this an act against our privacy?

The members of LAPSUS$ already showed their true criminal face a few days ago, and now they have gone after not only NVIDIA but also Samsung. Many will interpret it as a coincidence, but taking into account the political relations of certain Latin American countries with Russia and the current conflict in Ukraine, we can guess. They have specifically attacked companies within the US orbit using extortion methods.

In any case, to answer the question at the head of this section, we have to take into account how a driver works: it is software whose level of privilege over the system is much higher than normal, so it runs in a more privileged ring within the operating system. This means a driver has access to parts of system memory that a normal application cannot reach, and malicious drivers are therefore much more harmful, because they run in the environment of the operating system rather than that of the applications.
