Nvidia Certificates Used in Malware

Industry: Technology | Level: Strategic | Source: BleepingComputer

Threat actors are quickly leveraging data obtained from the Nvidia data leak by Lapsus$. As reported by BleepingComputer and shared by security researchers Bill Demirkapi, Kevin Beaumont and Will Dormann, "Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows." Although some of the observed NVIDIA certificates have expired, Windows still allows drivers signed with them to be loaded. The certificates have been used to sign hacking tools, including Cobalt Strike beacons and Mimikatz, as well as a variety of backdoors and RATs.

