Hackers use stolen Nvidia certificates to conceal malware.

Threat actors are using stolen NVIDIA code-signing certificates to make malware appear trustworthy, allowing malicious drivers and applications to be installed on Windows.



NVIDIA acknowledged this week that they were the victim of a hack in which threat actors stole employee credentials and confidential data. According to the extortion gang Lapsus$, they obtained 1TB of data during the hack and began distributing it online when NVIDIA declined to bargain with them.

According to the leak, the stolen data includes two code-signing certificates that NVIDIA engineers used to sign their drivers and executables. Although both stolen NVIDIA certificates are expired, Windows will still allow a driver signed with them to be installed in the operating system.

Using these stolen certificates, threat actors can make their programs appear to be legitimate NVIDIA software, allowing malicious drivers to be installed by Windows.
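
For defenders, one way to check a Windows host for drivers signed with the leaked certificates is sketched below. This is an added example, not part of the original article: the certificate serial numbers are not given on this page, so the values are placeholders, and the function name `Test-SuspectSignature` is hypothetical.

```powershell
# Added example: list drivers whose Authenticode signer matches a blocked
# certificate serial, or is an expired NVIDIA-named certificate.
# The serials are NOT given in the article; replace these placeholders with
# values taken from a trusted advisory.
$BlockedSerials = @(
    'PLACEHOLDER_SERIAL_1',
    'PLACEHOLDER_SERIAL_2'
)

function Test-SuspectSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Serials = $BlockedSerials,
        [datetime] $Now = (Get-Date)
    )
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    if (-not $cert) { return $null }   # unsigned file: nothing to compare

    # SerialNumber is a hex string; -contains compares case-insensitively.
    $serialHit = $Serials -contains $cert.SerialNumber
    $expired   = $cert.NotAfter -lt $Now
    $isNvidia  = $cert.Subject -match 'NVIDIA'

    # A serial match is the strong signal. An expired NVIDIA-named signer is
    # only a triage lead: legitimate older NVIDIA drivers also match it.
    if ($serialHit -or ($isNvidia -and $expired)) {
        [pscustomobject]@{
            Path        = $Path
            Subject     = $cert.Subject
            Serial      = $cert.SerialNumber
            NotAfter    = $cert.NotAfter
            Status      = $sig.Status
            SerialHit   = $serialHit
            # No countersignature means the signing time cannot be established.
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }
}

# Scan the driver directory; extend the path list to cover other locations.
Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys -ErrorAction SilentlyContinue |
    ForEach-Object { Test-SuspectSignature -Path $_.FullName } |
    Sort-Object SerialHit -Descending |
    Format-Table -AutoSize
```

Rows with `SerialHit` set to `True` warrant immediate investigation. Note that `Status` may still read `Valid` for such files, which is the behaviour the article describes.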

Printed from: https://www.guru3d.com/story/hackers-use-stolen-nvidia-certificates-to-conceal-malware/