Attention graphics card owners: Malware in some Nvidia drivers

Panagiotis Kolokythas

The hacker attack and Nvidia’s blackmail (we reported) is now having an impact on users. According to the security site Bleeping Computer, the official Nvidia certificates for signing Nvidia driver downloads were apparently also stolen during the attack. This allows attackers to add malicious software (malware) to the Nvidia driver downloads and then manipulate them in such a way that the download fools the operating system into thinking it comes directly from Nvidia. The protection provided by Windows Defender and other antivirus software is thus undermined and the malware ends up on the computers when the drivers are installed.

According to the report, two of the stolen certificates have now expired, but are still being used by the attackers to manipulate downloads containing trojans that allow remote access to the compromised machines. Another fake Nvidia driver for Windows has also been detected.

Behind the attack on Nvidia is the South American group Lapsus$, which also attacked Samsung and leaked 190 gigabytes of internal data on Galaxy devices. So far it is not known whether the group also blackmailed Samsung. In the case of Nvidia, there was such blackmail, however, Lapsus$ does not ask for money, but from Nvidia to release all drivers as open source and to remove all mining brakes. You can read more about this in this report: Nvidia hackers set an ultimatum – or all data will be leaked

How to protect yourself from this type of attack

The recommendation for all users is actually quite simple: Nvidia drivers should only be downloaded and installed from Nvidia official website. Alternatively, the drivers used should only be updated via the already installed Geforce Experience application. So, steer well clear of other websites that pretend to offer Nvidia graphics card driver downloads.