Malware can now be hidden in GPU memory

Posted on Wednesday, Sep 01 2021 @ 21:53 CEST by Thomas De Maesschalck

Bleeping Computer reports that cybercriminals have figured out a new way to evade detection. Exact details are unknown, but the method reportedly allows a binary to be executed by the GPU from within its own memory space. GPU malware has been discussed in academic circles for several years, but this is the first time a cybercriminal has managed to come up with a way to weaponize it.

The main benefit of hiding malware in the GPU memory is that it avoids regular anti-malware detection. The proof-of-concept code was reportedly tested on graphics solutions from Intel (UHD 620/630), Radeon (RX 5700), and GeForce (GTX 740M(?), GTX 1650).

In a short post on a hacker forum, someone offered to sell the proof-of-concept (PoC) for a technique they say keeps malicious code safe from security solutions scanning the system RAM.

The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and to execute it from there.

According to the advertiser, the project works only on Windows systems that support versions 2.0 and above of the OpenCL framework for executing code on various processors, GPUs included.
