Malware Hidden In GPU Memory, Invisible to Antivirus Applications, Could Potentially Harm PCs
Criminals in cyberspace have created a malware program that can be hidden in GPU memory, making it invisible to antivirus applications.
Hackers Could Store Malware Inside Your GPU Memory, Undetectable By Antivirus
The technique uses GPU memory allocation space and executes the malicious code on the computer. It relies on the OpenCL 2.0 API, and Windows is the only targeted operating system; no other OS is mentioned in the attacks.
So far, hackers have been able to store malicious code on various GPUs from Intel (UHD 620/630), AMD (Radeon RX 5700), and NVIDIA (GeForce GTX 1650 / GeForce GT 740M). This could very well affect all modern GPUs and not just older generation parts.
In 2015, a research group conceptualized a keylogger inside of a GPU that could activate remote access trojans in Windows operating systems. However, this new technique is stated to be a newer concept and not derivative of the 2015 creation.
Under normal conditions, executing code on the GPU requires a controlling process running on the host. The host process adds a task on the command queue, which will be eventually fetched and executed by the GPU. However, GPUs have a non-preemptive nature: once the execution of a job is initiated, the GPU is locked with the execution of that job and no one else can use the GPU in the meanwhile. This is particularly problematic when the GPU is used both for rendering and computation, as this could generate undesired effects such as an unresponsive user interface.
As a result, in order to ensure a proper behavior, the graphic driver normally enforces a timeout to kill long lasting kernels. For GPU malware this could represent an important limitation because the malicious kernel needs to be sent over and over in a loop, making it more easy to detect in system memory.
The first anti-forensic technique consists in disabling the existing timeout to take full control of the GPU. For instance, in Vasiliadis et al. (2014) the authors disabled the GPU hangcheck to lock the GPUs indefinitely.
— Science Direct website
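Because the quoted passage treats a disabled driver timeout as an anti-forensic step, a defender can audit that setting. The following is an added example, not code from the article or the cited paper; it assumes the timeout in question on Windows is the WDDM Timeout Detection and Recovery (TDR) watchdog, which the page does not name, and the 60-second alert threshold and sample hosts are constructed for illustration.

```python
import sys

# Microsoft-documented location and defaults of the WDDM TDR settings.
TDR_KEY = r"SYSTEM\CurrentControlSet\Control\GraphicsDrivers"
TDR_DEFAULTS = {"TdrLevel": 3, "TdrDelay": 2, "TdrDdiDelay": 5}
MAX_DELAY_S = 60  # assumed alert threshold; tune per environment


def audit_tdr(values):
    """Return findings for a dict of TDR registry values (absent = default)."""
    findings = []
    level = values.get("TdrLevel", TDR_DEFAULTS["TdrLevel"])
    if level == 0:
        findings.append("TdrLevel=0: GPU timeout detection is disabled")
    elif level != TDR_DEFAULTS["TdrLevel"]:
        findings.append(f"TdrLevel={level}: non-default recovery behaviour")
    for name in ("TdrDelay", "TdrDdiDelay"):
        delay = values.get(name, TDR_DEFAULTS[name])
        if delay > MAX_DELAY_S:
            findings.append(f"{name}={delay}s exceeds {MAX_DELAY_S}s threshold")
    return findings


def read_tdr_values():
    """Read the live values on Windows; returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TDR_KEY) as key:
        for name in TDR_DEFAULTS:
            try:
                out[name], _type = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value not set, so the driver default applies
    return out


# Constructed sample hosts (not real telemetry).
SAMPLES = {
    "default-host": {},
    "watchdog-off": {"TdrLevel": 0},
    "long-delay": {"TdrLevel": 3, "TdrDelay": 3600},
}

if __name__ == "__main__":
    for host, vals in {**SAMPLES, "this-host": read_tdr_values()}.items():
        print(host, audit_tdr(vals) or "OK")
```

Some GPU compute and development workloads raise these delays legitimately, so a finding is a lead to correlate with who changed the key and when, not a verdict.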
Recently an unknown individual sold a malware technique to a group of Threat Actors.
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather than the CPUs.
We will demonstrate this technique soon.
— vx-underground (@vxunderground) August 29, 2021
Representatives of the forum vx-underground are in the process of creating a demonstration of the malware attack on Windows operating systems in the next few weeks. The research group states that the GPU will execute malware binaries from within the graphics card's allocated memory space.
Source: https://wccftech.com/malware-hidden-in-gpu-memory-invisible-to-antivirus-applications-could-potentially-harm-pcs/
Posted by: byrdwhimor.blogspot.com