Hackers found a new way to store viruses in GPU memory

Published: Sep 1st 2021, 07:18 GMT

Malicious code hidden in VRAM, undetectable by antiviruses

A new attack technique that makes use of graphics card memory.

According to Bleeping Computer, cybercriminals have found a new way to hide malware in graphics card memory. The original advertisement on hacking forums claims that this method of using graphics card memory instead of system memory is undetectable by antivirus software.

The malware uses allocated space in graphics memory, from which the code is executed. The technique uses the OpenCL 2.0 API on the Windows operating system; no other systems are affected by the malicious code.

The hacker confirmed that the code has been tested on Intel UHD 620/630 graphics as well as Radeon RX 5700 GPU and GeForce GTX 740M and GTX 1650 discrete cards. It is unclear if other graphics cards are affected, but assuming that this method uses OpenCL 2.0, it is very likely to be compatible with other modern GPUs.

Malware hidden in GPU memory advertisement, Source: Bleeping Computer

Using graphics memory to execute malicious code is not an entirely new topic. Back in 2015, researchers demonstrated a proof of concept for a GPU-based keylogger and remote access trojans for Windows. The author of the new malware claims that his method is new and not associated with those methods.

Researchers from vx-underground will demonstrate the technique behind the new malware soon. They confirmed that the GPU executes malware binaries from within the GPU memory space.

Source: Bleeping Computer via Tom’s Hardware
