A few days ago, the cryptocurrency-mining community was stirred up by news of the “magic” Nvidia RTX LHR v2 Unlocker software. According to its creator, a certain Sergey, the software can allegedly modify the firmware of Nvidia GeForce RTX 30 video cards so as to remove the hashrate restrictions imposed by the manufacturer. However, as researcher Hassan Muzhtaba found out, instead of restoring the card's full mining performance, the utility infects the host system with malware.
It turned out that the LHRUnlocker Install.msi file not only fails to deliver what it promises but also infects the powershell.exe process with malware.
Suspicious activity is the norm for such utilities, since they are designed to circumvent restrictions in the OS and drivers. But searching for system drivers, using workarounds to hinder dynamic analysis, applying obfuscation techniques, and consuming excessive CPU time are not what is usually expected of them.
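The behaviour described above, an installer package whose install chain ends in a hidden or encoded powershell.exe, is something a defender can look for in process-creation telemetry. The following is an added example, not code from the article or from the LHR Unlocker itself: a small detector that walks the parent chain of each powershell.exe event, scores it when an msiexec.exe ancestor is found or when typical evasion flags appear on the command line, and reports events above a threshold. The event format, the sample events, the PIDs and the command lines are all constructed for this example.

```python
"""Added example: detect powershell.exe launched from an MSI installer chain.

Everything here is constructed for illustration; it is not the article's
data and not the LHR Unlocker's own code.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ProcEvent:
    """One process-creation event (constructed, Sysmon-like shape)."""
    pid: int
    ppid: int
    image: str      # executable name, lower-case
    cmdline: str


# Constructed sample telemetry, not real logs. PIDs are arbitrary and the
# base64 blob is a placeholder, not a real payload.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "msiexec.exe", 'msiexec.exe /i "LHRUnlocker Install.msi"'),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -w hidden -enc <base64-placeholder>"),
    ProcEvent(400, 100, "msiexec.exe", 'msiexec.exe /i "legit-tool.msi"'),
    ProcEvent(500, 400, "setup.exe", "setup.exe /quiet"),
    ProcEvent(600, 100, "powershell.exe", "powershell.exe Get-Process"),
]

# Command-line fragments that commonly indicate an installer trying to hide
# or obfuscate what PowerShell is doing. Each match adds 2 to the score.
SUSPICIOUS_PS_FLAGS = (
    "-enc",                  # also matches -encodedcommand
    "-w hidden",
    "-windowstyle hidden",
    "-ep bypass",
    "-executionpolicy bypass",
)


def build_index(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Map pid -> event so parent lookups are O(1)."""
    return {e.pid: e for e in events}


def ancestor_chain(ev: ProcEvent, index: Dict[int, ProcEvent],
                   max_depth: int = 10) -> List[ProcEvent]:
    """Return [ev, parent, grandparent, ...], bounded to avoid ppid loops."""
    chain = [ev]
    cur = ev
    while cur.ppid in index and len(chain) < max_depth:
        cur = index[cur.ppid]
        chain.append(cur)
    return chain


def score_event(ev: ProcEvent, index: Dict[int, ProcEvent]) -> Tuple[int, List[str]]:
    """Score a single event; only powershell.exe children are of interest."""
    if ev.image != "powershell.exe":
        return 0, []
    score, reasons = 0, []
    # +5 when any ancestor is the Windows Installer service host.
    if any(p.image == "msiexec.exe" for p in ancestor_chain(ev, index)[1:]):
        score += 5
        reasons.append("launched from msiexec.exe install chain")
    lowered = ev.cmdline.lower()
    for flag in SUSPICIOUS_PS_FLAGS:
        if flag in lowered:
            score += 2
            reasons.append(f"evasion flag {flag!r}")
    return score, reasons


def find_suspicious(events: List[ProcEvent],
                    threshold: int = 5) -> List[Tuple[int, int, List[str]]]:
    """Return (pid, score, reasons) for every event at or above threshold."""
    index = build_index(events)
    hits = []
    for ev in events:
        score, reasons = score_event(ev, index)
        if score >= threshold:
            hits.append((ev.pid, score, reasons))
    return hits


if __name__ == "__main__":
    for pid, score, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {pid}: score {score}: {'; '.join(reasons)}")
```

On the constructed sample, only pid 300 is flagged: it is a powershell.exe whose parent is the msiexec.exe that installed the package, and it carries both a hidden window and an encoded command. The interactive powershell.exe (pid 600) and the second, benign installer chain score zero. The threshold means a plain msiexec.exe-spawned PowerShell with no evasion flags is still reported, which is deliberate: legitimate installers rarely need PowerShell at all, so that pairing is worth a look on its own.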
By itself, the utility may not harm the system immediately, but bear in mind that it works only with modified Nvidia drivers, and those, in turn, may be infected with something more dangerous.