Everything related to safety in our equipment is one of the most important aspects that are taken into account in current technology. Hence the efforts and put in by software developers to take care of their customers as much as possible. But they do not always have the desired success, take as an example this discovered malware that is undetectable by antivirus and uses the PC’s GPU.
Just as most software developers include the latest security features in their projects, attackers are not far behind. By this, what we mean is that those in charge of developing malicious code always try to look for vulnerabilities and back doors.
This malware uses GPU memory to be undetectable
Therefore, for years this has been a kind of battle between security companies and attackers, to see who is faster. In these lines we are going to tell you about a new attack that at the moment is not detectable by the antivirus software you have installed .
As we discussed, below, we will talk about a new cyberattack with the memory of the graphics card as the protagonist in this case. And it is that from what has been learned now, some cybercriminals have found a new way to hide the malware in the memory of the PC’s graphic cards .
This method of using the memory of the graphics card instead of the memory of the system, what it does is that the malware is undetectable by the antivirus. Hence, the danger that all this has is multiplied in an ostensible way.
Graphics that can be infected by malicious code
To give us an idea, this particular malware uses the graphics memory allocation space. This is where the malicious code that infects the computer is executed. The technology uses the OpenCL 2.0 API in the Windows operating system, as no other system supports this malicious code. It is worth mentioning that this malicious code has been tested on an Intel UHD 620/630, as well as the Radeon RX 5700 GPU. Also, tests have been done on the GeForce GTX 740M and GTX 1650 cards. other graphics cards would work just as well, but this method is assumed to use OpenCL 2.0 and is likely to be compatible with other modern GPUs.
Keep in mind that using graphics memory to execute malicious code is not entirely new. We tell you all this because in 2015, some researchers showed a concept through a GPU- based keylogger with remote access Trojans for Windows. With all and with this, the author of the new malware that we are talking about here now, affirms that his method is new and is not associated with those other past methods.
The technique used and what is behind the new malware is currently being studied. For now they have confirmed that the GPU executes the malware binaries from its memory space, so we only have to wait to see how all this evolves.