Nvidia's stolen data is being used to disguise malware as GPU drivers


Because of leaked data linked to an Nvidia hack by a group calling itself Lapsus$, stolen code-signing certificates are being used to gain remote access to unsuspecting machines, and otherwise deploy malicious software.

According to TechPowerUp, the certificates are being used to "develop a new breed of malware," and BleepingComputer lists Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs) as just some of the malware being deployed by this means.

If you're not aware, a code-signing certificate is something devs use to sign off executable files and drivers before rolling them out to the public. It's a more secure way for Windows and prospective users to verify the ownership of the original file. Microsoft requires kernel-mode drivers to be code signed, otherwise the OS will refuse to open the file.

If some hooligan signs off malware with a genuine code from Nvidia, your PC may not be able to catch the malware before it unpacks, and wreaks havoc on your system.

The recent digital siege of Nvidia saw Lapsus$ demanding the company release a hashrate limiter bypass, a demand that was not met. The fallout resulted in not only code-signing certificates being leaked, but also 71,000 employee credentials, Nvidia's DLSS source code, and perhaps even some next-gen GeForce GPU names.


Of course, it didn't take long for the leaked certificate codes to join the arsenal for hackers lurking around the web, who pounced on the potential to hide behind Nvidia's genuine codes in order to carry out their malevolent plans.

Now the codes are being used to sign Windows drivers, along with Quasar RATs. As VirusTotal currently shows, "46 security vendors and 1 sandbox flagged this file as malicious."

BleepingComputer, thanks to the keen reporting of security researchers Kevin Beaumont and Will Dormann, notes the following serial numbers as those to look out for:

  • 43BB437D609866286DD839E1D00309F5
  • 14781bc862e8dc503a559346f5dcc518

Both codes are effectively expired Nvidia signatures, but your OS will still let them pass just the same. Just something to keep an eye on if you're thinking of downloading a file you think may have been tampered with. 

There are ways to tell Windows not to allow these signed codes through, but they may well be awkward to implement if you don't have a history in IT. They may also be a pain when you actually come to install a legitimately signed Nvidia driver.
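
One way to check files you have already downloaded against the two serial numbers listed above, as an added example that is not from the original article: a PowerShell script built on the Get-AuthenticodeSignature and Get-FileHash cmdlets. The default scan folder and the Test-LeakedSigner function name are assumptions made for illustration.

```powershell
# Added example: report Authenticode-signed files whose signer certificate
# serial number matches one of the two serials listed in the article.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to scan
)

# Serials exactly as listed in the article, upper-cased so the comparison
# does not depend on how they were typed.
$LeakedSerials = @(
    '43BB437D609866286DD839E1D00309F5',
    '14781bc862e8dc503a559346f5dcc518'
) | ForEach-Object { $_.ToUpperInvariant() }

function Test-LeakedSigner {
    param([Parameter(Mandatory)][string]$File)

    $sig  = Get-AuthenticodeSignature -LiteralPath $File
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) { return $null }            # file is not signed

    $serial = $cert.SerialNumber.ToUpperInvariant()
    if ($LeakedSerials -notcontains $serial) { return $null }

    # A match is worth reporting whatever Status says: the article notes
    # that Windows still lets these expired signatures pass.
    [pscustomobject]@{
        File        = $File
        Serial      = $serial
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        Status      = $sig.Status
        Timestamped = $null -ne $sig.TimeStamperCertificate
        SHA256      = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
    }
}

# Only look at file types that normally carry an Authenticode signature.
$extensions = '.exe', '.dll', '.sys', '.msi'

Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in $extensions } |
    ForEach-Object { Test-LeakedSigner -File $_.FullName } |
    Where-Object { $_ } |
    Format-List
```

A hit only means the file was signed with one of these certificates; older genuine Nvidia files may match too, so treat the reported SHA256 as the value to look up before deciding what to do with the file.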

As always, stay safe out there.

Katie Wickens
Hardware Writer

