Malware Released Using NVIDIA’s Stolen Code Signing Certificates

The fallout from NVIDIA’s cyber attack continues. Beyond the email addresses, password hashes, and DLSS source code, bad actors are now using stolen data to create malware, which has already been released online. Software signed with NVIDIA's code-signing certificates can bypass Windows security measures. Researchers have spotted multiple trojans in the wild using the stolen certificates.

Digital code signing is meant to prevent threat actors from installing malware on a PC, so blocking software that carries a signature from these certificates is tricky. Malware can be masked as updates or drivers, making it difficult to spot. All hope is not lost, though, as David Weston (Director of Enterprise and OS security at Microsoft) has posted a means for administrators to tighten up security measures. With Windows Defender Application Control (WDAC) policies, a user can control which drivers are loaded.

Configuring custom policies and rule sets is not easy for the average user. If done incorrectly, things could be made worse. It is hoped that NVIDIA and Microsoft will collaborate for an easier solution.

Those more adept at software can identify potential malware by looking for serial numbers. Security researchers Kevin Beaumont and Will Dormann found that the stolen certificates contain the following serial numbers.

43BB437D609866286DD839E1D00309F5
14781bc862e8dc503a559346f5dcc518
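
A defender-side check for these serial numbers, as an added example that is not from the article or its sources: the PowerShell below scans a directory of binaries with `Get-AuthenticodeSignature` and reports any file whose signing certificate carries one of the two serials. The function name `Find-FlaggedSigner`, the default scan path, and the file extensions are assumptions.

```powershell
# Added example (not from the article): report files whose Authenticode
# signer certificate has one of the two serial numbers listed above.

# Serial numbers exactly as given on this page; compared case-insensitively.
$FlaggedSerials = @(
    '43BB437D609866286DD839E1D00309F5'
    '14781bc862e8dc503a559346f5dcc518'
) | ForEach-Object { $_.ToUpperInvariant() }

function Find-FlaggedSigner {   # hypothetical helper name
    param(
        # Assumption: the driver directory is a sensible default scan root.
        [string]$Path = "$env:SystemRoot\System32\drivers",
        [string[]]$Include = @('*.sys', '*.dll', '*.exe')
    )

    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $cert = if ($sig) { $sig.SignerCertificate } else { $null }
            if ($null -eq $cert) { return }   # unsigned or unreadable: skip this file

            # Report every serial match, whatever the signature status is.
            if ($FlaggedSerials -contains $cert.SerialNumber.ToUpperInvariant()) {
                [pscustomobject]@{
                    File       = $_.FullName
                    Status     = $sig.Status
                    Subject    = $cert.Subject
                    Serial     = $cert.SerialNumber
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Scan the default location and list any matches.
Find-FlaggedSigner | Format-List
```

A hit identifies the signing certificate only, so each reported file still needs triage before any action is taken.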

Source: Bleeping Computer

Peter Brosdahl