Security researcher Florian Roth (@cyb3rops) was one of the first to discover the certificates, expired in 2014 and 2018, were being used to sign off certificates for malware such “mimikatz”, that the Windows OS still allowed through its firewall. Other malware tools that are being signed off with NVIDIA certificates include Cobalt Strike beacons and KDU. Some security researchers also discovered that the stolen certificates seem to utilise the serial numbers “43BB437D609866286DD839E1D00309F5” and “14781bc862e8dc503a559346f5dcc518”.
Mimikatzhttps://t.co/TrY6vL2mEE KDUhttps://t.co/RDf6bnuArk pic.twitter.com/Jl4tpS5KEr — Florian Roth ⚡️ (@cyb3rops) March 3, 2022 The good news is that, there is a way to mitigate the issue and it requires users to configure their Windows Defender Application Control (WDAC) policies, to manage what NVIDIA drivers can and cannot be downloaded. The bad news is, modifying the WDAC isn’t a task for the non-IT Windows users and doing so will most definitely be tedious. To date, NVIDIA has been keeping mum about its decisions over the issue. From that stolen 1TB of data, approximately 200GB of it relates to hardware, information about NVIDIA’s unreleased Ada Lovelace GPU and its DLSS AI upscaling technology. (Source: Videocardz, BleepingComputer)