Nvidia RTX LHR Mining Unlocker Is Malware: From Hack to Hoax


Sometimes programs meant to make something work the way it should not work cause more harm than good. Unsurprisingly, this is what happened with the Nvidia RTX LHR v2 Unlocker that would supposedly restore the Ethereum mining potential of Nvidia's GeForce RTX 30- and RTX A-series graphics cards. Instead of fixing the capped mining performance, the utility infects the host system with malware, as discovered by our colleague Hassan Mujtaba.

The Nvidia RTX LHR v2 Unlocker claimed it could modify the firmware of graphics cards to remove the mining performance cap that Nvidia introduced to make its LHR (light hash rate) boards unattractive to miners. Editing a graphics card BIOS is not something that developers of GPUs and makers of graphics cards expect the end user to do, so consider it a half-legal action. But the file 'LHRUnlocker Install.msi' not only fails to perform what it promises, but also infects powershell.exe, the Windows PowerShell command-line shell, with malware.

While we fully expect utilities like this to perform somewhat suspicious activities, as they're meant to evade certain limitations set by the OS and drivers, we certainly do not expect the application to check for available system drives, perform evasive loops to hinder dynamic analysis, use code obfuscation techniques, or cause abnormally high CPU usage, as reported by Joe Sandbox Cloud.

The utility itself may not cause critical damage immediately, but it should be noted that it works only with modified Nvidia drivers and they may in turn be infected with something much more harmful. In any case, we have removed links to the Nvidia RTX LHR v2 Unlocker from the original story.

Anton Shilov
Contributing Writer


  • drivinfast247
    No way!

    Lol
  • InvalidError
    Who could have imagined that a hack targeted at crypto-miners may come with a malicious payload? Looks like the ideal cover for malware that scans a system for crypto wallet keys and cleans those wallets out after a while.
  • saunupe1911
    drivinfast247 said:
    No way!

    Lol

    LMAO They should have never shared this story in the first place!
  • Krotow
    saunupe1911 said:
    LMAO They should have never shared this story in the first place!

    Why? Let it stay as a warning for someone who wants to cheat a little for a quick buck.
  • hotaru251
    Krotow said:
    Why? Let it stay as a warning for someone who wants to cheat a little for a quick buck.

    cheat?
    it's not cheating.

    LHR GPUs shouldn't have EVER been a thing.

    it did nothing as it was STILL profitable to use LHR GPU.

    do they deserve it? sure. never download a program that sounds too good to be true.

    but it is in no way them "cheating"
  • drtweak
    Wow. My first red flag is that it is a .MSI file XD
  • peachpuff
    Why was this even posted yesterday to begin with? :rolleyes:
  • Fates_Demise
    peachpuff said:
    Why was this even posted yesterday to begin with? :rolleyes:

    Because it was news with a possible workaround for crypto? Duh dude. Site never claimed it was legit.
    There have been plenty of partially working ones already
  • TechLurker
    One would have expected the author of the original story would at least do some due diligence and either wait for someone to validate the "unlocker", or do it on an isolated, disposable testbed, before actually linking to it. Instead, they just helped spread malware. :tearsofjoy:

    For a moment, I feel like it was the early 00s again, when early tech sites just linked to what they thought was a safe program, only to later find out it was malware-infested. Which then led to tech sites that actually did some prior research on the programs before linking them in recommendations or suggestions.
  • jacob249358
    I trade cryptos on trustable and popular websites but I never get into the scammy websites and giveaways and mining bogus. I've always feared hackers ever since a random guy on Discord gave me the address my VPN was rerouted to.