Trumpeted as a long-awaited generic vBIOS patch for NVIDIA RTX 30-series LHR (Low Hash Rate) GPUs, 'LHRUnlocker' became available via GitHub on Tuesday and was immediately picked up by tech media including WCCFTech and Tom's Hardware with a worrying lack of incredulity. And as the saying goes, 'if something seems too good to be true... it's probably designed to rip off your crypto wallets'.
NVIDIA's RTX 30-series consumer cards have been fitted with hash rate inhibitors that significantly reduce their cryptocurrency 'mining' potential, largely targeting algorithms used by Ethereum and other popular ASIC-resistant currencies. Whether NVIDIA's aim was to stifle miner demand for these cards will be argued till the series EOLs, but the reality is that the silicon at the heart of the graphics cards is theoretically capable of much more... if only it's 'unlocked'.
Thus far no generic 3rd-party patch (firmware or otherwise) has publicly surfaced that can unlock this potential performance and make the cards more profitable to miners, despite a lot of bluster in the community to the contrary. That was apparently the case until a tool dubbed 'RTX LHR BIOS v2 Unlocked' was uploaded to GitHub this week by 'Sergey' alongside a list of 'supported' RTX 30-series LHR hardware. Cue gushing coverage.
But it was a scam
Detective work by Red Panda Mining swiftly poured cold water over the tool, and earlier today their team tore it apart in real time, revealing some of its secrets.
The package downloads a payload infested with viruses that elevate privileges, insert backdoors, disable standard anti-malware protections and fully compromise your system in very short order. It then runs in the background, waiting for a remote server to come back online to harvest data or distribute further malware. Red Panda Mining were only comfortable running the installer on a heavily protected and sandboxed virtual machine, which was killed swiftly after.
Those who have run the LHRUnlocker tool should assume that their system, and crypto wallets, have been compromised. It could also potentially have propagated outwards to other devices connected to the network. Whatever measures are necessary to lock down system hardware and accounts should be taken immediately.
Full credit to Red Panda Mining for their work on uncovering the scam in such a rigorous manner.