Date: 2021-09-02

A new kind of malware has just been developed, and it could make a lot of noise (and do a lot of harm) in the coming weeks: rather than being executed by the computer's CPU, it attacks the PC's GPU.

On a specialized forum, a hacker very recently offered to sell a proof of concept for an unprecedented technique for distributing malware. It is unprecedented because it hides malicious code in the GPU buffer and even manages to execute it there directly, bypassing the CPU of the infected computer.

The message was posted on the hacker forum on August 8th, and the proof of concept was sold on August 25th. Although no information about the agreement between the seller and the buyer has been provided, security experts at VX-Underground explain that the threat is real: the malware does allow binary execution in GPU memory space, and they will demonstrate this shortly.

This malware that attacks the machine’s GPU is undetectable by antivirus

According to the “seller”, the technique works only on Windows systems that support OpenCL 2.0 or higher (OpenCL being an API coupled with a programming language close to C, whose latest version is 3.0). macOS and Linux users can therefore sleep soundly for the time being.





At present, this type of malware is undetectable by conventional antivirus products, since they do not analyze GPU code. Vendors will therefore have to revise their products quickly. The malware author claims that he successfully tested his method on the following GPU models:

Intel UHD 620

Intel UHD 630

AMD Radeon RX 5700

Nvidia GeForce GTX 740M

Nvidia GeForce GTX 1650

Of course, recent models such as the GeForce RTX 3080 or the Radeon RX 6900 are missing from this list, but the list is not exhaustive: it most likely reflects the AMD, Nvidia and Intel models available to the hacker. In fact, hundreds of recent or older GPU models are potentially affected, especially given that OpenCL 2.0 was released in 2013.


This is not quite the first malware to attack the PC’s GPU. As early as 2013, researchers from Columbia University in New York and the Institute of Computer Science Foundation for Research and Technology in Greece demonstrated that it was possible to store keyloggers in GPUs. In 2015, the inventors of the JellyFish rootkit also unveiled a keylogger that used the computer’s graphics card, all while operating remotely. The hacker responsible for the new malicious code explains that his method is entirely different and does not rely in any way on mapping code to user space.

Recently an unknown individual sold a technical malware to a group of Threat Actors. This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather than the CPUs. We will demonstrate this technique soon. – vx-underground (@vxunderground) August 29, 2021

Source: Bleeping Computer