Further attacks on NVIDIA include malware appearing in two separate code-signing certificates from NVIDIA.
Straight ahead of the end of the week, PC security expert Bill Demirkapi highlighted the two spilled NVIDIACorporation endorsements, as given by VeriSign. You can see from the screen captures that one of them lapsed in 2014 and the other in 2018. Regardless of the endorsements so obviously being terminated, Demirkapi says that " Windows permits them to be utilized for driver marking purposes."
Mimikatzhttps://t.co/TrY6vL2mEE KDUhttps://t.co/RDf6bnuArk pic.twitter.com/Jl4tpS5KEr — Florian Roth ⚡️ (@cyb3rops) March 3, 2022 Just ahead of the weekend, computer security specialist Bill Demirkapi highlighted the two leaked NVIDIA Corporation certificates issued by VeriSign. You can see from the screenshots above that one of them expired in 2014 and the other in 2018. Demirkapi says that " Windows still allows them to be used for driver signing purposes despite the credentials being expired." Security analyst Florian Roth took to Twitter to provide links to malware seen in the wild, endorsed as though they were veritable, unaltered NVIDIA code. These weren’t connected to the malware but instead to infection-examining information bases investigating reality. Confirmation of the risk from these authentications being made public became visible only a couple of hours after the fact. A not insignificant rundown of the malware appears to have been cultivated, presently ensured as certifiable Nvidia code. Among the dubious bundles, many seem to be contaminated with Mimikatz, a program used to remove passwords, PINs, and comparative from a PC’s memory that succumbs to it.
