An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant’s internal systems.
At least two binaries not developed by Nvidia, but signed this week with its stolen certificate so that they appear to be Nvidia programs, have appeared in the malware sample database VirusTotal.
This leak means sysadmins should take steps, or review their security policies and defenses, to ensure code recently signed by the rogue certificate is detected and blocked, as it is most likely malicious. This can be done through Windows configuration, network filtering rules, or whatever you use to police your organization.
Zoom security bod Bill Demirkapi tweeted a warning that the certificate could potentially be used to sign Windows kernel-level driver files:
As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at…
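One way to act on the detection advice above, as an added PowerShell example that is not from the article or from Nvidia: walk a directory tree, read each binary's Authenticode signature, and flag files whose signer certificate thumbprint is on a blocklist. The thumbprints are placeholders, since the article does not give the leaked certificates' identifiers; the `Find-RogueSignedBinaries` function name and the scanned paths are assumptions.

```powershell
# Added example (not from the article): find Authenticode-signed binaries whose
# signing certificate matches a blocklisted, leaked certificate.
# PLACEHOLDER values: replace with the real thumbprints of the leaked certificates
# taken from a trusted advisory before use.
$LeakedCertThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-1',
    'PLACEHOLDER-THUMBPRINT-2'
)

function Find-RogueSignedBinaries {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Thumbprints = $LeakedCertThumbprints
    )
    # Executables, libraries and kernel drivers are the file types a stolen
    # code-signing certificate is most useful for.
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -ne $cert -and $Thumbprints -contains $cert.Thumbprint) {
            [pscustomobject]@{
                File       = $_.FullName
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter     # expiry date of the signing cert
                # Status reflects hash and chain checks only; a signature made
                # with an expired certificate can still be reported as Valid when
                # it carries a timestamp countersignature, which is why an
                # expired leaked certificate is still a problem.
                Status     = $sig.Status
            }
        }
    }
}

# Constructed usage: scan a user's download folder and write hits for triage.
Find-RogueSignedBinaries -Path "$env:USERPROFILE\Downloads" |
    Export-Csv -Path "$env:TEMP\rogue-signed.csv" -NoTypeInformation
```

A hit is a triage lead, not proof of malice on its own, since legitimate Nvidia files signed before the theft carry the same certificate; actually blocking the certificate is done with an application-control policy (for example WDAC or AppLocker publisher rules), which this script does not change.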