Yep, it was too good to be true. A software tool claiming it can remove the Ethereum mining limiter on Nvidia’s RTX 3000 graphics cards is actually capable of delivering malware.
The tool’s creator, a mysterious developer known as “Sergey,” released a beta of the “LHR Unlocker” program this morning on his GitHub page, a few days ahead of a promised Saturday launch. However, a component inside the installer can fetch an Nvidia GeForce driver file that 18 different antivirus scans will detect as malware.
The malicious nature of LHR Unlocker was noticed by a Russian data scientist named Mikhail Stepanov, who posted an antivirus scan of the driver file on Sergey’s own GitHub page.
[Image: A virus scan of the malicious driver file. (VirusTotal)]
Stepanov, who mines cryptocurrency at his home, said he unpacked the installer and launched it on a virtual machine, but found no evidence it’ll unlock the Ethereum mining limiter on Nvidia’s RTX 3000 GPUs. Instead, the installer can fetch a malicious driver file from a server under the domain “drivers.sergeydev[.]com.”
“This is a common Trojan,” Stepanov told PCMag in a chat on Telegram. “Most likely they wanted to build a botnet.”
[Image: The URL to the malicious driver file is inside one of the installer’s components.]
PCMag also unpacked the LHR Unlocker installer, and found that a component inside called “AI_FileDownload” does indeed lead to the domain “drivers.sergeydev[.]com” to fetch the malicious Nvidia driver file. Antivirus scans from Kaspersky, McAfee, Avast, Symantec, and Microsoft all detect it as a malicious file or as a Trojan. There is a chance the antivirus scans flagged the Nvidia driver file incorrectly. But in its current state, the beta LHR Unlocker program doesn’t work.
Meanwhile, a separate malware scan using Joe Sandbox shows the LHR Unlocker installer will also try to prevent Windows Defender from detecting it, according to Tom’s Hardware.
So far, Sergey hasn’t commented on the malware allegations. His background is unclear, but a domain lookup shows sergeydev[.]com is registered to a person in Poland named Sergey Bronovsky.
The tool was released as numerous cryptocurrency mining experts warned that Sergey’s program was likely fake and possibly a scam. The program is still available for download on his GitHub page. However, four minutes after releasing the beta on Wednesday morning, Sergey said on his Telegram channel that the server hosting the BIOS and driver files was down.
So if you try to run the LHR Unlocker tool on a Windows PC, the program will show an error saying that it can’t install. Still, it’s best to steer clear of downloading the tool at all. The incident is also a good reminder to be on guard against cryptocurrency-related scams.