Malware Finds a New Place to Hide: Graphics Cards

The biggest problem with graphics cards over the past 18 months has been actually finding one to buy, but it turns out they could soon pose a serious malware threat to your PC.

As Bleeping Computer reports, a proof-of-concept (PoC) technique for both storing and executing malware on a graphics card has recently been sold on a hacker forum. In the forum listing, the seller explains how this technique avoids the RAM scanning performed by antivirus software, keeping the malicious code safe from detection. The malware runs using the GPU and the code is stored in VRAM.

For now, the technique is confirmed to only work on Windows machines, but it's compatible with a wide selection of GPUs and graphics cards. The seller tested the technique on Intel's UHD 620 and 630 GPUs, AMD's Radeon RX 5700, and Nvidia's GeForce GT 740 and GTX 1650, so it's presumed the same technique will work on other AMD and Nvidia cards/GPUs. Research team vx-underground also confirmed the malware can be executed on a GPU rather than a CPU.

The concept of GPU-based malware isn't new; a JellyFish GPU rootkit proof-of-concept was published in 2015. A GPU keylogger and trojan were also publicly shared by the JellyFish researchers, so the threat is a known one. However, the seller of this new PoC claims there is no association with JellyFish and that this is a new method of infiltration.

It's not known who purchased this latest PoC malware, but vx-underground plans to demonstrate the technique used "soon." Security researchers and vendors will no doubt be very keen to see it in action before quickly working on mitigation solutions to add to their consumer and business products. As ever with new security attack vectors, it's always a case of when rather than if they will be used.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!