Malware On the Prowl Using Stolen NVIDIA Code Signing Certificates



NVIDIA code-signing certificates stolen in the recent cyber-attack are being used to develop a new breed of malware that can appear “trustworthy” to Windows PCs. The code-signing certificates leaked to the web by the hacker group expired in 2014 and 2018, but Windows PCs still treat them as usable for signing drivers. One such piece of malware that turned up on anti-virus provider VirusTotal is a variant of the Quasar RAT (remote-access trojan), signed with NVIDIA certificates. A RAT works in the background, granting an attacking group remote access to your machine with read-write access; the group can then do anything from stealing data to holding it to ransom by encrypting it.
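
For defenders who want to check their own machines, the following added example (not from the article or from NVIDIA) lists files whose Authenticode signer certificate matches a subject pattern and has already expired. The function name, the default path and the subject pattern are assumptions made for illustration.

```powershell
# Added example: find files signed by an already-expired certificate whose
# subject matches a pattern. Function name, default path and pattern are
# assumptions, not values taken from the article.
function Find-ExpiredSignerFile {
    [CmdletBinding()]
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers",
        [string]$SubjectPattern = '*NVIDIA*',
        [string[]]$Include = @('*.sys', '*.dll', '*.exe')
    )
    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $cert = $sig.SignerCertificate
            # Skip unsigned files and signers outside the pattern.
            if ($null -eq $cert -or $cert.Subject -notlike $SubjectPattern) { return }
            # Keep only signers whose certificate has already expired.
            if ($cert.NotAfter -ge $now) { return }
            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status
                Subject     = $cert.Subject
                Serial      = $cert.SerialNumber
                Thumbprint  = $cert.Thumbprint
                NotAfter    = $cert.NotAfter
                # A countersignature timestamp records when signing took place;
                # without one the signing time cannot be established.
                Timestamped = [bool]$sig.TimeStamperCertificate
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Find-ExpiredSignerFile | Sort-Object NotAfter | Format-Table -AutoSize
```

Older legitimate drivers can appear in the output as well, so treat each row as a triage lead and compare its serial number and file hash against the vendor's advisory and a known-good driver package.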