That disruptive crypto mining tool has a dark secret
A tool claiming to remove all existing mining limits on several Nvidia GPUs, which naturally generated a lot of interest, has proven to be malware instead.
By
Zak Islam
February 24, 2022 6:58AM
A tool that claimed to remove all the existing mining limits on several popular Nvidia GPUs has proven to be malware instead.
The Nvidia RTX LHR v2 Unlocker by Sergey was revealed as a program that would modify the BIOS of Nvidia RTX 30-series graphics cards in order to unlock full mining performance. However, following an early launch, it has now been discovered that the creator planned to spread dangerous malware to users.
A cryptocurrency miner attached to a laptop Getty ImagesInitially due for a public beta version release next week on February 28, the tool was released yesterday on the developer’s GitHub page, which has since been removed. According to PCGamer, upon downloading and running the ‘LHRUnlocker Install.msi’ file, powershell.exe is deployed, a Windows service infected with malware. Tom’s Hardware also reports that a malware scan via Joe Sandbox confirms the tool attempts to block Windows Defender from detecting it.
As reported by PCMag, Russian data scientist Mikhail Stepanov offered some further insight into the malicious program that was posing as an Ethereum mining unlocker. The installer itself includes a Nvidia GeForce driver file that 18 different antivirus scans recognize as malware.
Stepanov, a cryptocurrency miner himself, attempted to unpack the installer and run it via a virtual machine. As opposed to a tool that could have once again changed the landscape of the GPU market, he found that the installer extracts a harmful driver file from a server located at “drivers.sergeydev[.]com.”
While the exact motive behind the developer’s decision to spread malware remains unclear, Stepanov provided a clue as to what it may have been. “This is a common Trojan,” Stepanov told PCMag. “Most likely they wanted to build a botnet.”
Botnets have become an effective method in installing crypto mining malware on systems, so it’s not farfetched to assume that Sergey may have been planning to generate crypto profits by taking advantage of users who downloaded his file. Of course, it makes perfect sense that Sergey wanted to build a crypto mining botnet. He could have been due to receive a huge financial windfall by mining on thousands or tens of thousands of computers without lifting a finger himself. He would also not have to pay for the electricity costs associated with such activity.
The timing of the Nvidia RTX LHR v2 Unlocker’s announcement was suspicious in and of itself when considering the current state of the cryptocurrency market. With prices falling across the board for some of the most popular coins such as Bitcoin and ETH, the whole crypto space is currently in free fall. Why would someone start mining now when it would take well over a year to even recoup the cost of just the Nvidia GPU?
Tom’s Hardware points out that cryptocurrency mining profitability has been continuing to decrease as of late. A full-speed RTX 3080 Ti will make a miner $3.50 per day. When factoring in the price tag of $1,700 for the GPU itself, it would take nearly 500 days to just break even.