Security News > 2021 > August > Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs

Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs
2021-08-31 15:12

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system.

In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.

According to the advertiser, the project works only on Windows systems that support versions 2.0 and above of the OpenCL framework for executing code on various processors, GPUs included.

In a tweet on Sunday, researchers at VX-Underground threat repository said that the malicious code enables binary execution by the GPU in its memory space.

The seller rejected the association with the JellyFish malware saying that their method is different and does not rely on code mapping back to userspace.

Previously, the researchers demonstrated that malware authors can take advantage of the GPU's computational power to pack the code with very complex encryption schemes much faster than the CPU..


News URL

https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 239 12 178 319 15 524
AMD 892 5 120 122 27 274