The main benefit of hiding malware in the GPU memory is that it avoids regular anti-malware detection. The proof-of-concept code was reportedly tested on graphics solutions from Intel (UHD 620/630), Radeon (RX 5700), and GeForce (GTX 740M(?), GTX 1650).
In a short post on a hacker forum, someone offered to sell the proof-of-concept (PoC) for a technique they say keeps malicious code safe from security solutions scanning the system RAM.
The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and to execute it from there.
According to the advertiser, the project works only on Windows systems that support versions 2.0 and above of the OpenCL framework for executing code on various processors, GPUs included.
Recently an unknown individual sold a malware technique to a group of Threat Actors.
— vx-underground (@vxunderground) August 29, 2021
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather the CPUs.
We will demonstrate this technique soon.