Just as most software developers include the latest security features in their projects, attackers are not far behind. By this, what we mean is that those in charge of developing malicious codes always try to search vulnerabilities and rear doors.
This malware uses GPU memory to be undetectable
Therefore, for years this has been a kind of battle between security companies and attackers, to see who is faster. In these lines we are going to tell you a new attack which at the moment is not detectable by the antivirus software you have installed.
As we discussed, below, we will talk about a new cyber attack with the memory of the graphics card as the protagonist in this case. And it is that from what has been learned now, some cybercriminals have found a new way to hide the malware in the memory of the pc graphics cards.
Recently an unknown individual sold a malware technique to a group of Threat Actors.
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather the CPUs.
We will demonstrate this technique soon.
– vx-underground (@vxunderground) August 29, 2021
This method of using the memory of the graphics card instead of the memory of the system, what it does is that the malware is undetectable by the antivirus. Hence, the danger that all this has is multiplied in an ostensible way.
Graphics that can be infected by malicious code
To give us an idea, this particular malware uses the graphics memory allocation space. This is where the malicious code that infects the computer is executed. Technology uses OpenCL 2.0 API on the Windows operating system, as no other system supports this malicious code. It is worth mentioning that this malicious code has been tested in a Intel UHD 620/630, as well as the Radeon RX 5700 GPU. The cards have also been tested GeForce GTX 740M and GTX 1650. What is not clear is if on other graphics cards it would still work, but it is assumed that this method uses OpenCL 2.0 and is likely to be compatible with other modern GPUs.
Keep in mind that the use of graphics memory to execute malicious code is not something entirely new. We tell you all this because in 2015, some researchers showed a concept through a keylogger based on the GPU with remote access Trojans for Windows. With all and with this, the author of the new malware that we are talking about here now, affirms that his method is new and is not associated with those other past methods.
The technique used and what is behind the new malware is currently being studied. For now they have confirmed that the GPU runs the binaries of malware from its memory space, so we only have to wait to see how it all evolves.