LAPSUS$, the group behind the recent Nvidia cyberattack, has begun leaking more confidential data. This time around, the group leaked Nvidia's code signing certificates, which bad actors are now using to sign malware.
According to BleepingComputer (via TechPowerUp), it didn't take long for security researchers to find that malware developers were using the leaked code signing certificates to sign their own creations. VirusTotal has already received sample files showing Nvidia as the signing author of multiple malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.
This situation could have been prevented, but Microsoft failed to revoke the certificates as soon as they expired. As a result, Windows still accepts software signed with them. Now that this leak has occurred, Microsoft will likely finally pull the trigger and revoke the certificates as it should have done previously.
For now, the only way to prevent your system from trusting these certificates is by manually adding Windows Defender Application Control (WDAC) policies that block any executable signed with them from running on your system. However, this course of action is far from optimal, as general users may find it difficult.
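As an added illustration of the WDAC approach described above (this is not code from the article, Microsoft or Nvidia), the script below first sweeps a folder for binaries whose Authenticode signer matches a blocklist of certificate serial numbers, then turns one confirmed sample into a publisher-level WDAC deny rule merged with Microsoft's AllowAll template. The serial numbers, file paths and function names are placeholders and assumptions; the article does not list the leaked certificates, so the real values must come from the vendor or Microsoft advisory.

```powershell
# PLACEHOLDER serial numbers of the leaked certificates (not on the page); use the
# advisory values, as uppercase hex with no separators, to match $cert.SerialNumber.
$LeakedCertSerials = @('PLACEHOLDER_SERIAL_1', 'PLACEHOLDER_SERIAL_2')

function Find-LeakedCertSignedFiles {
    # Report every PE under $Path whose signer certificate is on the blocklist.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }               # unsigned file, nothing to match
        if ($LeakedCertSerials -contains $cert.SerialNumber) {
            [pscustomobject]@{
                File     = $_.FullName
                Subject  = $cert.Subject
                Serial   = $cert.SerialNumber
                NotAfter = $cert.NotAfter   # a past NotAfter does not invalidate a timestamped signature
                Status   = $sig.Status      # 'Valid' here is exactly why revocation matters
            }
        }
    }
}

function New-LeakedCertDenyPolicy {
    # Build a WDAC policy that denies the publisher of $SamplePath while still allowing
    # everything else, then compile it to the binary .cip form WDAC consumes.
    param(
        [Parameter(Mandatory)][string]$SamplePath,     # file confirmed to carry a leaked-cert signature
        [Parameter(Mandatory)][string]$PolicyXmlPath   # where to write the merged policy XML
    )
    $denyXml = [IO.Path]::ChangeExtension($PolicyXmlPath, '.deny.xml')
    # Publisher level blocks everything signed with that certificate, not just this one file;
    # the hash fallback still catches the sample if publisher rule creation fails.
    $rules = New-CIPolicyRule -Deny -Level Publisher -Fallback Hash -DriverFilePath $SamplePath
    New-CIPolicy -FilePath $denyXml -Rules $rules -UserPEs -MultiplePolicyFormat
    # A deny-only policy would block all other binaries once enforced (WDAC is default-deny),
    # so merge it with the AllowAll template; deny rules take precedence over allow rules.
    $allowAll = Join-Path $env:windir 'schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml'
    Merge-CIPolicy -OutputFilePath $PolicyXmlPath -PolicyPaths $denyXml, $allowAll | Out-Null
    # Option 3 = audit mode: log would-be blocks to the CodeIntegrity event log before enforcing.
    Set-RuleOption -FilePath $PolicyXmlPath -Option 3
    ConvertFrom-CIPolicy -XmlFilePath $PolicyXmlPath `
        -BinaryFilePath ([IO.Path]::ChangeExtension($PolicyXmlPath, '.cip'))
}

# Usage (paths are assumptions):
# Find-LeakedCertSignedFiles -Path 'C:\Users' | Format-Table -AutoSize
# New-LeakedCertDenyPolicy -SamplePath 'C:\quarantine\sample.exe' -PolicyXmlPath 'C:\WDAC\DenyLeakedCert.xml'
```

Deploy the resulting .cip the same way as any other WDAC base policy, and only remove option 3 to enforce once the audit events show no legitimate software is hit.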
KitGuru says: Now that this has all become public, Microsoft and Nvidia will have to take further action to protect consumers from potential malware attacks.