NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
upstart writes:
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Two of NVIDIA's code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered - certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines.
The Feb. 23 attack saw 1TB of data bleed from the graphics processing units (GPUs) maker: a haul that included data on hardware schematics, firmware, drivers, email accounts and password hashes for more than 71,000 employees, and more.
Security researchers noted last week that malicious binaries were being signed with the stolen certificates to come off like legitimate NVIDIA programs, and that they had appeared in the malware sample database VirusTotal.
[...] Both of the stolen NVIDIA code-signing certificates are expired, but they're still recognized by Windows, which allows a driver signed with the certificates to be loaded in the operating system, according to reports.
Read more of this story at SoylentNews.