PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Sorry, Tool to Unlock Nvidia's Ethereum Mining Limiter Delivers Malware

A component in the LHR Unlocker tool can fetch a file that many antivirus firms detect as malware.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Yep, it was too good to be true. A software tool claiming it can remove the Ethereum mining limiter on Nvidia’s RTX 3000 graphics cards is actually capable of delivering malware

The tool’s creator, a mysterious developer known as “Sergey,” released a beta of the “LHR Unlocker” program this morning on his GitHub page, a few days ahead of a promised Saturday launch. However, a component inside the installer can fetch an Nvidia GeForce driver file that 18 different antivirus scans will detect as malware.

The malicious nature of LHR Unlocker was noticed by a Russian data scientist named Mikhail Stepanov, who posted an antivirus scan of the driver file on Sergey’s own GitHub page. 

A virus scan of the malicious driver file.
A virus scan of the malicious driver file.

Stepanov, who mines cryptocurrency at his home, said he unpacked the installer and launched it on a virtual machine, but found no evidence it’ll unlock the Ethereum mining limiter on Nvidia’s RTX 3000 GPUs. Instead, the installer can fetch a malicious driver file from a server under the domain “drivers.sergeydev[.]com.” 

“This is a common Trojan,” Stepanov told PCMag in a chat on Telegram. “Most likely they wanted to build a botnet.” 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
screenshot
The URL to the malicious driver file is inside one of the installer's components.

PCMag also unpacked the LHR Unlocker installer, and found that a component inside called “AI_FileDownload” does indeed lead to the domain “drivers.sergeydev[.]com” to fetch the malicious Nvidia driver file. Antivirus scans from Kaspersky, McAfee, Avast, Symantec, and Microsoft all detect it as a malicious file or as a Trojan. There is a chance the antivirus scans flagged the Nvidia driver file incorrectly. But in its current state, the beta LHR Unlocker program doesn't work.

So far, Sergey hasn’t commented on the malware allegations. His background is unclear, but a domain lookup shows sergeydev[.]com is registered to a person in Poland named Sergey Bronovsky. 

The tool was released as numerous cryptocurrency mining experts warned that Sergey’s program was likely fake and possibly a scam. The program is still available for download on his GitHub page. However, four minutes after releasing the beta on Wednesday morning, Sergey said on his Telegram channel that the server hosting the BIOS and driver files was down. 

So if you try to run the LHR Unlocker tool on a Windows PC, the program will show an error, saying that it can't install. Still, it’s best to steer clear from downloading the tool at all. The incident is also a good reminder to be on guard against cryptocurrency-related scams.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio