Leaked NVIDIA data is being used to bypass Windows security and attack PCs

HP Spectre 15 (Image credit: Windows Central)

What you need to know

  • A ransomware group known as Lapsus$ has leaked stolen data from NVIDIA as part of a hack.
  • The leaked data includes code signing certificates, which are now being used by threat actors.
  • By using the signing certificates, threat actors can make malicious files appear genuine, allowing them to bypass some security measures in Windows.

The leak by the Lapsus$ group includes two code-signing certificates that NVIDIA uses to sign drivers and executables. They're both expired but can still be used to make malicious software appear genuine. Windows looks at code-signing certificates to make sure a driver or executable is safe. If a malicious file was signed by an approved certificate, it could bypass security measures within Windows.

BleepingComputer reports that the certificates stolen through the leak have been used to sign malware and hacking tools, including backdoors, Cobalt Strike beacons, Mimikatz, and remote access trojans.

Countering this attack by Lapsus$ is complex. It's possible to configure Windows Defender Application Control policies to stop certain NVIDIA drivers from being loaded, but that requires sophisticated technical knowledge. Microsoft could also add the drivers in question to its certificate revocation list, but that would cause issues for some legitimate NVIDIA drivers (and their associated graphics cards). BleepingComputer notes that it's unlikely that Microsoft will take that step in the near future.
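For defenders who want to see whether any binaries on a machine were signed with specific certificates, a PowerShell sweep like the one below can help. It is an added example, not code from the article, NVIDIA or Microsoft; the serial numbers are placeholders because the article does not list them, and the scan directories are assumptions.

```powershell
# Serial numbers of the code-signing certificates to hunt for.
# PLACEHOLDERS: the article does not give them; take the real values from a
# vendor advisory or your threat-intelligence feed.
$WatchedSerials = @('<LEAKED-CERT-SERIAL-1>', '<LEAKED-CERT-SERIAL-2>')

# Directories to sweep (assumed defaults; adjust for your environment).
$ScanRoots = @("$env:SystemRoot\System32\drivers", $env:ProgramData, $env:TEMP)

# Normalise "AA:BB cc" style serials to the upper-case hex string .NET reports.
$watch = $WatchedSerials | ForEach-Object { ($_ -replace '[\s:]', '').ToUpperInvariant() }

Get-ChildItem -Path $ScanRoots -Recurse -File -Include *.sys, *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $cert = $sig.SignerCertificate

        # Unsigned files have no signer certificate and are skipped.
        if ($cert -and ($watch -contains $cert.SerialNumber.ToUpperInvariant())) {
            [pscustomobject]@{
                Path        = $_.FullName
                Subject     = $cert.Subject
                Serial      = $cert.SerialNumber
                # The certificates in the leak are expired, so expiry alone
                # does not mean the signature is ignored; record it anyway.
                CertExpired = $cert.NotAfter -lt (Get-Date)
                # A countersignature timestamp shows when the file was signed.
                Timestamped = [bool]$sig.TimeStamperCertificate
                Status      = $sig.Status
                # Hash for comparison against known-good vendor releases.
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    } | Format-Table -AutoSize -Wrap
```

A hit is not proof of malware, since legitimate NVIDIA files may carry the same signer; compare the reported hash against the vendor's published releases before acting.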

Sean Endicott
News Writer and apps editor
