New malware hides in GPU memory and is claimed to be undetectable

Project created by academics was sold on hacker forum

Attackers are going a step further with attacks that install malware in video card memory, a method that, according to its seller, leaves the malware undetectable by antivirus software. According to the Bleeping Computer website, the method itself is not new: demonstration code had already been published in academic projects.

According to the same site, a proof-of-concept (a working demonstration that a program or idea does what is claimed) was sold on a hacker forum, opening the door to more advanced and, worse, harder-to-detect intrusions, since security software does not scan video memory the way it scans system RAM.

The seller gave only a brief description of the method: a buffer is allocated in the video card's memory to hold the code, which then runs directly from VRAM. The advertiser also says this form of attack only works on Windows systems that support the OpenCL 2.0 framework or later. Note that a GPU does not run code on its own: a host-side process must still allocate that buffer and dispatch the code through the OpenCL runtime, so the loader on the host remains visible to endpoint defenses even if the VRAM contents themselves are never scanned.
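Because the host process has to go through the OpenCL runtime to place and run anything in VRAM, one practical check is to watch for unexpected processes loading that runtime. The script below is an added example and is not code from the article or from the tool being sold; it replays a few constructed image-load events (loosely modelled on Sysmon Event ID 7 fields, not real captures) and flags processes that load an OpenCL runtime library but are not on an allowlist of known GPU-using applications. The library names, the allowlist and the event format are assumptions for illustration and should be tuned to your own environment.

```python
"""
Hunting for host-side traces of GPU-resident code.

Added example, not code from the article or from the seller's tool.
A kernel that lives in VRAM still has to be placed there and dispatched by
an ordinary process through the OpenCL runtime, so the loader is visible to
host telemetry even when VRAM itself is not scanned. This script replays
constructed image-load events and flags processes that load an OpenCL
runtime but are not expected to use the GPU.
"""
import re
from collections import defaultdict

# OpenCL ICD loader plus common vendor ICDs on Windows (assumed names).
OPENCL_MODULES = {
    "opencl.dll",        # Khronos ICD loader
    "nvopencl64.dll",    # NVIDIA ICD
    "amdocl64.dll",      # AMD ICD
    "intelocl64.dll",    # Intel ICD
}

# Processes for which OpenCL use is expected (assumed, per-environment).
ALLOWLIST = {
    r"c:\program files\blender\blender.exe",
    r"c:\program files\adobe\photoshop.exe",
}

# Constructed sample events, key=value pairs loosely following Sysmon
# Event ID 7 (Image loaded). Not real captures.
SAMPLE_EVENTS = [
    'EventID=7 ProcessId=4120 Image="C:\\Program Files\\Blender\\blender.exe" ImageLoaded="C:\\Windows\\System32\\OpenCL.dll" Signed=true',
    'EventID=7 ProcessId=4120 Image="C:\\Program Files\\Blender\\blender.exe" ImageLoaded="C:\\Windows\\System32\\nvopencl64.dll" Signed=true',
    'EventID=7 ProcessId=6644 Image="C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe" ImageLoaded="C:\\Windows\\System32\\OpenCL.dll" Signed=true',
    'EventID=7 ProcessId=6644 Image="C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe" ImageLoaded="C:\\Windows\\System32\\amdocl64.dll" Signed=true',
    'EventID=7 ProcessId=3012 Image="C:\\Windows\\explorer.exe" ImageLoaded="C:\\Windows\\System32\\shell32.dll" Signed=true',
    'EventID=1 ProcessId=6644 Image="C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe" CommandLine="svch0st.exe"',
]

# key=value with optional double-quoted value (quoted values may contain spaces)
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line):
    """Parse one key=value event line into a dict."""
    out = {}
    for key, raw, quoted in FIELD_RE.findall(line):
        out[key] = quoted if raw.startswith('"') else raw
    return out


def opencl_loaders(lines):
    """Map each (pid, image) to the set of OpenCL modules it loaded."""
    loads = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7":          # only image-load events
            continue
        module = ev.get("ImageLoaded", "").rsplit("\\", 1)[-1].lower()
        if module in OPENCL_MODULES:
            loads[(ev["ProcessId"], ev["Image"])].add(module)
    return loads


def suspicious_opencl_users(lines, allowlist=ALLOWLIST):
    """Return (pid, image, modules) for OpenCL loaders not on the allowlist."""
    hits = []
    for (pid, image), modules in opencl_loaders(lines).items():
        if image.lower() not in allowlist:
            hits.append((pid, image, sorted(modules)))
    return hits


if __name__ == "__main__":
    for pid, image, modules in suspicious_opencl_users(SAMPLE_EVENTS):
        print(f"[!] pid {pid} {image} loaded {', '.join(modules)}")
```

Run against the constructed events, only the temp-directory binary is reported: the Blender process loads the same libraries but is on the allowlist, and the process-creation event (EventID 1) is ignored. In a real deployment the allowlist is the hard part; seed it from a baseline of which signed applications legitimately load the OpenCL runtime on your hosts.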


The seller claims the code was tested on Intel UHD 620/630 integrated graphics, as well as on the AMD Radeon RX 5700 and the NVIDIA GeForce GTX 740M and GTX 1650. If OpenCL 2.0 or later is the only requirement, the technique could in principle run on most modern GPUs.

The ad was published on August 8 and by August 25 the seller had already told interested parties that the deal was done. There are no details about the sale, of course, only that the malware code was sold to an unknown group.

Researchers had already demonstrated something similar in 2015, but the author of the new malware claims the current method has nothing to do with earlier ones. As early as 2013, researchers at the Institute of Computer Science – Foundation for Research and Technology (FORTH) in Greece and at Columbia University in New York showed that GPUs can host keylogger code in their memory.


VX-Underground, a group that claims to have the “largest collection of malware source code, samples and research on the internet,” says in a Twitter post that it will soon demonstrate the technique.


Via: Bleeping Computer