Nvidia's stolen data is being used to disguise malware as GPU drivers

Image of a trojan horse, with the Nvidia logo in the top right.
(Image credit: TwilightEye, Getty)

Because of leaked data linked to an Nvidia hack by a group calling itself Lapsus$, stolen code-signing certificates are being used to gain remote access to unsuspecting machines, and otherwise deploy malicious software.

According the Techpowerup, the certificates are being used to "develop a new breed of malware," and BleepingComputer lists Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs) as just some of the malware being deployed by this means.

If you're not aware, a code-signing certificate is something devs use to sign off executable files and drivers before rolling them out to the public. It's a more secure way for Windows and prospective users to verify the ownership of the original file. Microsoft requires kernel-mode drivers to be code signed, otherwise the OS will refuse to open the file.

If some hooligan signs off malware with a genuine code from Nvidia, your PC may not be able to catch the malware before it unpacks, and wreaks havoc on your system.

The recent digital siege of Nvidia saw Lapsus$ demanding the company release a hashrate limiter bypass, a demand that was not met. The fallout resulted in not only code-signing certificates being leaked, but also 71,000 of employee's credentials, Nvidia's DLSS source code, and perhaps even some next-gen GeForce GPU names.

Sitting comfortably?

(Image credit: Secretlab)

Best chair for gaming: the top gaming chairs around
Best gaming desk: the ultimate PC podiums
Best PC controller: sit back, relax, and get your game on

Of course, it didn't take long for the leaked certificate codes to join the arsenal for hackers lurking around the web, who pounced on the potential to hide behind Nvidia's genuine codes in order to carry out their malevolent plans.

Now the codes are being used to sign certificates for Windows drivers, along with Quasar RATs, as VirusTotal shows currently, "46 security vendors and 1 sandbox flagged this file as malicious."

BleepingComputer, thanks to the keen reporting of security researchers Kevin Beaumont and Will Dormann, notes the following serial numbers as those to look out for:

  • 43BB437D609866286DD839E1D00309F5
  • 14781bc862e8dc503a559346f5dcc518

Both codes are effectively expired Nvidia signatures, but your OS will still let them pass just the same. Just something to keep an eye on if you're thinking of downloading a file you think may have been tampered with. 

There are ways to tell Windows not to allow these signed codes through, but may well be awkward to implement if you don't have a history in IT. They may also be a pain when you actually come to install a legitimately signed Nvidia driver.

As always, stay safe out there.

Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.

Read more
Nvidia RTX 5080 Founders Edition graphics card from different angles
Nvidia is 'investigating the reported issues with the RTX 50-series' cards after RTX 5090 and RTX 5080 owners (and some RTX 40-series folk) report black screen problems
Thermal image of hot RTX 5090 power connecgtor
Surely not again: Worrying analysis shows Nvidia's RTX 5090 Founders Edition graphics card may be prone to melting power connectors
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
MSI RTX 5090 Suprim in an open test bench
RTX 50-series black screen issues should finally be fixed this week in an official Nvidia driver update
Nvidia RTX 5090 Founders Edition graphics card on different backgrounds
The curious tale of the missing eight: Some Nvidia RTX 50-series cards are shipping with missing ROPs in the GPU, Nvidia says only 0.5% of all cards are affected
Nvidia RTX 5080 Founders Edition graphics card from different angles
Latest Nvidia Game Ready drivers fix various black screen issues that left gamers staring at their sad reflections
Latest in Graphics Cards
A side by side comparison of two Asus Q-Release systems, with the original design on the top and the bottom showing the apparently new design.
Asus appears to have quietly changed the design of its Q-Release PCIe slot after claims of potential GPU pin damage
A Colorful RTX 5080 and its box
Three lucky folks in India can win the dubious honour of buying an RTX 5080 GPU at Nvidia MSRP
Jensen Huang, co-founder and chief executive officer of Nvidia Corp., speaks while holding the company's new GeForce RTX 50 series graphics cards and a Thor Blackwell robotics processor during the 2025 CES event in Las Vegas, Nevada, US, on Monday, Jan. 6, 2025. Huang announced a raft of new chips, software and services, aiming to stay at the forefront of artificial intelligence computing. Photographer: Bridget Bennett/Bloomberg via Getty Images
Group allegedly trying to smuggle Nvidia Blackwell chips stare down bail set at over $1 million
Nvidia RTX 5090 Founders Edition graphics card on different backgrounds
AI will be crammed in more of the graphics pipeline as Nvidia and Microsoft are bringing AI shading to a DirectX preview next month
Nvidia RTX 50-series graphics cards alongside an RTX 4090
Nvidia says it's sold twice as many RTX 50-series cards as RTX 40-series in the first 5 weeks. I'd bloody well hope so given there was essentially just the RTX 4090 for competition
AMD Radeon RX 9070/9070 XT graphics cards with artistic renders of reference design cards circled
Looks like a reference design AMD RX 9070 XT card has shown up in China, but let's not get carried away with thoughts of MBA cards just yet
Latest in News
assassin's creed shadow naoe
We asked two parkour athletes to rate the realism of Assassin's Creed's acrobatics, and a surprising 'crime against parkour' might actually be one of the most realistic things they saw
Mechs fight on the outside of a spaceship
MechWarrior 5: Clans is getting DLC with playable Elementals and a fight on the outside of a spaceship
Aloy - Horizon
'I feel worried about this art form:' Unsurprisingly, the real Aloy from Horizon isn't a fan of AI Aloy
Crying laughing emoji with disturbing realistic elements for REPO
REPO's first update will add a new map and a 'duck bucket' so we can finally give that pesky quacker a time out
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
Will Poulter holding a CD ROM
'What are most games about? Killing': Black Mirror Season 7 includes a follow-up to 2018 interactive film Bandersnatch