It Turns Out GPUs Are Capable Of Hosting Malware Too!

A technique for storing malware on a GPU is apparently out there.


Recent news, which doesn’t come as a surprise, shows how the graphics card inside your computer can store malicious code. Cybercriminals have reportedly sold GPU-based malware via a hacking forum; the malware can be hidden in the GPU’s VRAM on a compromised computer. However, the details of the deal are unknown as of now.

As scary as this sounds, we have no proof yet of how hazardous this method of injecting malware could be. The approach has worked in proof-of-concept hacks on dedicated and integrated GPUs from NVIDIA, Intel, and AMD. This could potentially be a shift in the refinement of cybercriminal activities.

What makes this technique particularly alarming and dangerous is the ability to inject malware into the VRAM of a GPU. Malware stored there is undetectable by antivirus software, which does not have the ability to scan the VRAM of a GPU, at least for now. Since

In a post on the hacker forum, a hacker sold the proof-of-concept for a technique claimed to keep malicious code on the GPU safe from antivirus software. According to the cybercriminal, the method uses a GPU memory buffer to store the malware and execute the malicious code.

[Image: GPU malware ad listing. Credit: Bleeping Computer]

Malware Tested on Various GPUs

According to Bleeping Computer, the cybercriminal also mentions in the post that they’ve tested the code on graphics cards from Intel (UHD 620, UHD 630), AMD (Radeon RX 5700), and NVIDIA (GeForce GTX 740M, GTX 1650). Notably, the seller revealed that the technique only works on Windows systems that support OpenCL framework versions 2.0 and above. For the uninitiated, OpenCL is an open standard for running general-purpose computations on GPUs and other processors.

Interestingly, another user of the hacker forum shared that the GPU-based malware technique is not new and has been attempted before. However, the previous GPU-based rootkit, named JellyFish, was Linux-based. Nevertheless, the latest GPU malware rootkit and the JellyFish rootkit are not the same, at least according to the cybercriminal.

Furthermore, VX-Underground, apparently the most extensive collection of malware code and sample papers on the internet, stepped in to reveal that the organization is aware of the technique and plans to demonstrate it soon.

With all that being said, PC users should remain vigilant about any suspicious emails, links, or downloads from unreliable sources, since antivirus software can’t yet detect this GPU-based malware, which sits quietly in the GPU’s VRAM.

Akshay Bhardwaj
