Nvidia ‘hashrate unlocker’ likely attempt to build crypto mining botnet

Tech sites like Tom's Hardware covered a purported workaround for Nvidia's crypto mining limiter this week. Turns out, it was malware.

A hacker targeted prospective Ethereum crypto miners by lacing software promising to break Nvidia’s hashrate limiter with a virus, reports PC Gamer.

Nvidia’s GeForce RTX 3000 graphics card is popular among both gamers and cryptocurrency miners, with the latter blamed for the high prices and rising scarcity of high-end GPUs.

Last year, Nvidia introduced code that reduces GPU power when crypto mining is detected.

Powerful graphics units are regularly sold for between 50% and 100% above recommended retail prices, so the Santa Clara chipmaker hoped the limiter would dissuade miners from buying up stock amid ongoing shortages.

But on Monday, a supposed beta version of the so-called “LHR Unlocker” appeared on GitHub. It pledged to increase crypto mining efforts by 50%, thereby undoing Nvidia’s artificial limitation.

Tech portals were quick to share word of the purported workaround, with headlines like “NVIDIA RTX LHR BIOS v2 Unlocker Tool Bypasses Crypto Mining Restrictions, Offering Full Performance on Ampere GPUs” and “Nvidia RTX LHR v2 Unlocker claims to restore the full cryptomining performance of hamstrung GeForce GPUs.”

Shortly after, data scientist Mikhail Stepanov discovered a virus hidden in the software.

Zombie machines to mine crypto with Nvidia GPUs?

LHR Unlocker’s dev, known online as “Sergey,” had leveraged a commonly found Trojan that several off-the-shelf antivirus products pick up.

According to PCMag, Sergey’s program included a component called “AI_FileDownload” which linked directly to “drivers.sergeydev[.]com” to retrieve the malware.

It’s not totally clear what the malware did. Stepanov reckons its creator might’ve sought to build a botnet: a network of exploitable zombie machines.

It could be they planned to use the botnet to illicitly mine crypto with other people’s GPUs. Others speculate the malware could’ve operated as a keylogger, potentially siphoning usernames and passwords to steal crypto or other sensitive data.

Mikhail Stepanov posted a scan of the Unlocker’s driver file to the creator’s GitHub. It shows multiple virus scanners detecting the Trojan.

In any case, it seems like the threat was minimized once the Trojans were made public. LHR Unlocker has since been scrubbed from GitHub.

It’s worth noting too that while Nvidia’s hashrate limiter does appear to work to some degree, miners have reported little hindrance from it around one year later, with many still looking to buy the affected GPUs.

This is mostly due to counter-measures discovered by the crypto mining community, which have recovered some of the GPUs’ maximum hashrate.
