Not too long ago, it was reported that NVIDIA had suffered a data breach in which a large amount of data was stolen. Among the stolen data were code-signing certificates. For those who don't think that's a big deal, it is: it now appears that malware is being disguised as GPU drivers, which could trick users into installing it.
This is according to several reports from TechPowerUp and BleepingComputer, both of which claim that Cobalt Strike beacons, Mimikatz, backdoors, and Remote Access Trojans (RATs) are being spread through fake GPU drivers with malware hidden inside them.
For those unfamiliar, code-signing certificates are what developers use to sign files such as updates. This helps platforms like Windows or macOS recognize that the files are legitimate, since they have been signed by the company that created them, much like you signing a cheque to acknowledge that it is you authorizing the payment.
Stolen code-signing certificates are akin to someone forging your signature and claiming to be you, which a bank might fail to recognize, allowing money to be withdrawn from your account. So what can users do about it? Basically, if you need to download a GPU driver, make sure you are downloading it from the company itself rather than from third-party websites.
Alternatively, most GPUs come with their own software, or you can use NVIDIA's own Control Panel software to check for GPU driver updates.
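As an added example (not from the article or from NVIDIA), here is a PowerShell check a user or administrator can run on a downloaded driver package before installing it: it reads the Authenticode signature, prints who signed the file and when the certificate was valid, and compares the signing certificate's thumbprint against a blocklist. The file path and the thumbprint list are placeholders, since the article does not publish the affected certificates; a stolen certificate still passes the "signed by NVIDIA" check, which is exactly why the blocklist and the download-source advice above matter.

```powershell
# Added example, not the article's or NVIDIA's own code.
# Inspects the Authenticode signature of a downloaded driver package.
# Assumptions: $Path is supplied by the caller; the thumbprint list is a
# placeholder to be filled from vendor or incident-response advisories.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Placeholder blocklist of certificate thumbprints your organisation distrusts.
$BlockedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-1'
)

$sig = Get-AuthenticodeSignature -FilePath $Path

# Anything other than 'Valid' (NotSigned, HashMismatch, UnknownError, ...) is a stop.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)': do not install. $($sig.StatusMessage)"
    return
}

$cert = $sig.SignerCertificate
Write-Host "Signer : $($cert.Subject)"
Write-Host "Issuer : $($cert.Issuer)"
Write-Host "Thumb  : $($cert.Thumbprint)"
Write-Host "Valid  : $($cert.NotBefore) to $($cert.NotAfter)"

# A leaked certificate produces a cryptographically valid signature, so the
# signer name alone proves nothing; the thumbprint blocklist is the real check.
if ($BlockedThumbprints -contains $cert.Thumbprint) {
    Write-Warning "Signing certificate is on the blocklist: treat this file as untrusted."
    return
}

# A timestamped signature can still report 'Valid' after the certificate expires,
# so an expired signing certificate deserves a closer look at the download source.
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Signing certificate has expired; confirm the file came from the vendor."
}

if ($cert.Subject -notmatch 'NVIDIA') {
    Write-Warning "Signer subject does not name NVIDIA; confirm the download source."
}
```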