Malware uses stolen NVIDIA certificates, disguised as GPU drivers to attack users – LLODO


Not long ago, NVIDIA suffered a data breach in which a large amount of data was stolen, including important code-signing certificates. According to BleepingComputer, attackers are using NVIDIA’s certificates to make malicious code appear trusted and to trick users into downloading malicious NVIDIA GPU drivers onto Windows computers.


BleepingComputer says that tools such as Cobalt Strike and Mimikatz, along with backdoor software and remote access trojans (RATs), are being distributed through rogue GPU drivers with malware hidden inside them.

A digital certificate is basically something that developers use to verify files, such as updates. This is to help computer platforms like Windows or macOS recognize that these files are legitimate because they have been certified by the company that created them.


Two digital certificates were compromised. Although they have expired, Windows still allows them to be used to validate drivers.

Think of the signature you give your bank: a stolen certificate is like someone forging that signature and claiming to be you. The bank might not recognize the forgery and could allow them to withdraw money from your account.

So what can users do? Basically, if you have to download GPU drivers, make sure you get them from the company’s own sources, rather than third-party sites. Also, most GPUs come with their own software, and you can use NVIDIA’s Control Panel software if you need to search for GPU driver updates.
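As an added example (not from the article or from NVIDIA), this PowerShell function lists signed executables and drivers whose signer certificate has already expired, the situation described above, so each file can be checked against where it came from. The function name, the Downloads folder and the `NVIDIA` subject pattern are assumptions.

```powershell
# Added example (not from the article): list signed binaries whose signer
# certificate has already expired, so they can be reviewed by hand.
function Get-ExpiredSignerReport {
    param(
        # Assumption: folder that holds downloaded driver installers.
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        # Assumption: text expected in the signer certificate's subject.
        [string]$SubjectPattern = 'NVIDIA'
    )

    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            # Skip unsigned files and signers that do not match the pattern.
            if ($null -eq $cert -or $cert.Subject -notmatch $SubjectPattern) { return }

            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status          # e.g. Valid, HashMismatch, NotTrusted
                Subject     = $cert.Subject
                Thumbprint  = $cert.Thumbprint
                NotAfter    = $cert.NotAfter
                Expired     = $cert.NotAfter -lt $now
                # True when the signature carries a timestamp countersignature.
                Timestamped = $null -ne $sig.TimeStamperCertificate
            }
        } |
        Where-Object { $_.Expired }
}

# Oldest expiry first; one block of fields per file.
Get-ExpiredSignerReport | Sort-Object NotAfter | Format-List
```

An expired signer certificate alone is not a verdict, since files signed and timestamped while the certificate was still valid also appear in the output. Treat the report as a list to review against each file's download source.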

Reference: Ubergizmodo


https://genk.vn/malware-su-dung-chung-chi-nvidia-bi-danh-cap-nguy-trang-thanh-driver-gpu-de-tan-cong-nguoi-dung-2022031013154744.chn


