Sometimes programs designed to improve performance do more harm than good. Unsurprisingly, this is exactly what happened with the Nvidia RTX LHR v2 Unlocker, which supposedly unlocks the full Ethereum mining potential of Nvidia GeForce RTX 30 and RTX A-series graphics cards. Instead of fixing limited mining performance, the utility infects the host system with malware, as the user Hassan Mujtaba discovered.
The Nvidia RTX LHR v2 Unlocker was claimed to modify graphics card firmware to remove a mining restriction that Nvidia introduced to make LHR (Lite Hash Rate) boards unattractive to miners. Editing the graphics card BIOS is not something that GPU designers and graphics card manufacturers expect from the end user, so consider it a semi-legal act. But the file “LHRUnlocker Install.msi” not only fails to do what it should, it also infects powershell.exe with malware. (The genuine powershell.exe is a software component of Microsoft Windows by Microsoft.)
This malicious software performs several suspicious actions. Tools of this kind are designed to get around some restrictions set by the operating system and drivers, but we certainly do not expect such an application to check the disks available to the system, take actions that interfere with dynamic analysis, use code obfuscation by various methods, or cause abnormally high CPU usage, as reported by the Joe Sandbox virus analysis site.
The utility itself may not immediately cause critical damage, but it should be noted that it only works with modified Nvidia drivers, which in turn can be infected with something much more harmful. In any case, links to the Nvidia RTX LHR v2 Unlocker have already been removed.