Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Nvidia drivers malware

Beware fake Nvidia drivers, leaked certificate code from hack may now have malware

A big problem for Nvidia and its users.

The fallout continues from the ransomware attack that targeted Nvidia, as it has been discovered that some of the company’s older GPU drivers can now conceal malware. According to TechPowerUp, stolen code-signing certificates are being used to place malware on unsuspecting PCs. This was also confirmed by @BillDemirkapi on Twitter. The code-signing certificates expired in 2014 and 2018, but that doesn’t stop Windows from recognizing these as legitimate. And this could be a massive issue for those who aren’t sure what to look out for.

Recommended Videos

BleepingComputer pointed out the kinds of malware making the rounds. These include Cobalt Strike Beacons, Mimikatz, backdoors, and Remote Access Trojans. This is clearly a problematic situation for Nvidia, and it’s unknown how much worse the situation could become in the next few weeks. But for now, it’s important that users remain vigilant for anything that seems out of the ordinary. Particularly when it comes to downloading drivers for their graphics cards.

 

Keep an eye out for malicious software

Code-signing certificates are used by developers to put a digital signature on drivers and executables. It’s there to verify if something is what it says it is. If the certificate isn’t valid, Windows will let you know. This is why malicious software using these certificates is such a dangerous thing. Windows isn’t able to tell if the file is dangerous, and before you know it, your PC is in danger. Additionally, if users aren’t able to identify the difference between a real driver and a fake one, it could end up infecting a lot of unsuspecting PCs. However, there are cautionary measures users can take.

Nvidia drivers malware

(Image credit: BleepingComputer).

Thanks to security researchers Kevin Beaumont and Will Dormann, the serial numbers for the stolen certificates have been shared. Be sure to look out for “43BB437D609866286DD839E1D00309F5” and “14781bc862e8dc503a559346f5dcc518.” While these signatures have expired, Windows will still recognize these as legitimate. Obviously, this is a big security flaw that Windows should iron out in the future. In fact, it’s bizarre that expired certificates are recognizable in the first place.

It’s a dire situation for Nvidia and its users, especially for those who aren’t aware of the current situation. The best defense at the moment is to spread this information around as much as possible. There’s no word on what Nvidia plans to do with the malware disguised as GPU drivers, or whether Microsoft intends to step in at some point. Either way, the best thing for users to do now is remain cautious. Keep an eye out for anything that looks suspicious and, as always, be careful with what you download.

 


PC Invasion is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Sam Robins
Sam Robins
Sam is a Contributing Writer at PC Invasion. For just over 5 years, he has been writing about all areas of gaming from news and guides, to reviews of the latest titles. When he's not writing, he's usually sinking time into an RPG or trying to convince his friends to play The Legends of Heroes series. He can usually be found lurking on Twitter (@GhoolyTV) most days.
twitter