Cybercriminals now have the tools to execute malware on GPUs


Hackers are always looking for ways to work around antivirus protections and exploit computers in new or undetectable ways. Some of the latest efforts in this field involve graphics cards, utilising GPU memory to stay hidden from antivirus software and traditional DRAM checks.

According to Bleeping Computer, a cybercriminal has sold a PoC (Proof of Concept) technique that utilises the space within a GPU’s memory buffer to execute malicious code. This PoC technique has been sold to an unknown group of so-called “Threat Actors”, apparently giving cybercriminals a new tool for their arsenal. 

It is unknown how dangerous this new hacking method can be to regular PC users. That said, the technique is already said to work on GPUs from AMD, Intel and Nvidia. These include Intel’s HD 620/630 iGPUs, AMD’s Radeon RX 5700, Nvidia’s GTX 740M, and Nvidia’s GTX 1650. This technique works on Windows PCs that support OpenCL 2.0 or higher, which means that other Intel, Radeon and GeForce GPUs are likely to be affected.

  

While this is not the first time that graphics cards have been used to hide malware, older methods were created by researchers and were not designed to be used by cybercriminals. The creator of this new hack has stated that their method is different to that used by existing GPU malware rootkits like JellyFish.

Researchers from vx-underground have claimed that they will be able to demonstrate the technique behind this new malware soon. The group has confirmed that the malcode can be used to execute code using GPU memory space. 
 


The long-term implications of GPU-based malware can only be guessed at. Even so, antivirus techniques will grow in complexity to detect these new malware types, and new GPU drivers will likely be designed to make GPUs less prone to exploitation.

You can join the discussion on cybercriminals targeting GPUs for future malware on the OC3D Forums.
