Sometimes programs meant to make something work the way it should not work cause more harm than good. Unsurprisingly, this is what happened with the Nvidia RTX LHR v2 Unlocker that would supposedly restore the Ethereum mining potential of Nvidia's GeForce RTX 30- and RTX A-series graphics cards. Instead of fixing the capped mining performance, the utility infects the host system with malware, as discovered by our colleague Hassan Mujtaba.
The Nvidia RTX LHR v2 Unlocker claimed it could modify the firmware of graphics cards to remove mining performance cap introduced by Nvidia to make its LHR (light hash rate) boards unattractive to miners. Editing a graphics card BIOS is not something that developers of GPUs and makers of graphics cards expect the end user to do, so consider it a half-legal action. But the file 'LHRUnlocker Install.msi' not only fails to perform what it promises, but also infects powershell.exe, a Windows service, with malware.
While we fully expect utilities like this to perform somewhat suspicious activities, as they're meant to evade certain limitations set by the OS and drivers, we certainly do not expect the application to check for available system drives, perform evasive loops to hinder dynamic analysis, use code obfuscation techniques, or cause abnormally high CPU usage, as reported by Joe's SandBox Cloud.
The utility itself may not cause critical damage immediately, but it should be noted that it works only with modified Nvidia drivers and they may in turn be infected with something much more harmful. In any case, we have removed links to the Nvidia RTX LHR v2 Unlocker from the original story.
