Malware: New malware, developed as a proof of concept, can infect the graphics card’s memory buffer without being detected by the rest of the system, according to information from a hacker forum cited by the BleepingComputer website.
The malicious code was sold online on August 25th as an exploit that allocates address space in the GPU’s VRAM, where it performs its actions. Because antivirus software cannot scan the graphics card memory, the malware works unnoticed.
The attack requires a Windows PC that supports OpenCL 2.0 or higher. It has reportedly been tested and works with Intel’s UHD 620/630 integrated graphics cards, as well as AMD and NVIDIA models, including Radeon RX 5700, GeForce GTX 740M and GTX 1650.
Details of the execution of the attack are not yet known. However, the group VX Underground, which specializes in studying malicious code and posting its results on the Internet, said on Twitter that it intends to demonstrate how the new malware works soon.
Malicious Code on Graphics Cards
Exploiting graphics cards to perform computer attacks is nothing new. In 2015, researchers published a similarly functioning open source proof of concept known as JellyFish. It used the LD_PRELOAD technique together with OpenCL to connect system calls and the GPU, forcing the execution of malicious code.
The seller of the new malicious code has rejected the association with the JellyFish malware, claiming that its method is different and does not rely on mapping code back to user space. There are no details about the sale, such as who bought it or the transaction amount.
With the increased use of graphics cards, which are dedicated to accelerating 3D workloads and are also used for cryptocurrency mining because of their high processing power, attacks of this type can become increasingly common.