Malware in some Nvidia drivers: Attention graphics card owners

The hacker attack and Nvidia extortion (which we reported on) are now affecting users. According to security site Bleeping Computer, it appears that official Nvidia certificates for signing Nvidia driver downloads were also stolen during the attack. This allows attackers to add malware (malware) to Nvidia driver downloads and then manipulate it in such a way that the download tricks the operating system into thinking it comes directly from Nvidia. Thus the protection provided by Windows Defender and other antivirus software is undermined and malware ends up on computers when drivers are installed.

According to the report, two of the stolen certificates have now expired, but attackers still use them to tamper with downloads containing Trojans that allow remote access to compromised devices. Another fake Nvidia driver for Windows has also been detected.

Behind the attack on Nvidia is the South American group Lapsus$, which also attacked Samsung and leaked 190 GB of internal data on Galaxy devices. It is not yet known if the group has also blackmailed Samsung. In the case of Nvidia, there was such extortion, however, that $ Lapsus is not asking for money, but from Nvidia to release all drivers as open source and remove all mining brakes. You can read more about this in this report: Nvidia hackers set an ultimatum — or all data will be leaked

How to protect yourself from this type of attack

The recommendation for all users is very simple: Nvidia drivers should be downloaded and installed only from the official Nvidia website. Instead, only used drivers should be updated via the already installed Geforce Experience app. So, stay away from other websites that pretend to offer Nvidia graphics card driver downloads.