Hackers have new attack methods to hide malware in AMD, NVIDIA GPUs

Whether it’s AMD, NVIDIA, or Intel’s GPUs, there are now risks to be exploited by malware to attack, because according to a report by Bleeping Computer, cybercriminals found a way to store and execute malware from GPU memory.

Although there have been almost similar methods before, they are all researches in academia, and they are not complete methods. Earlier this month, someone publicly sold PoC (proof of concept) files on a hacker forum that allowed malicious code to avoid system RAM checks, explain that the attack methods of criminals may have transitioned to a more sophisticated level.

Source: BleepingComputer

The seller did not give too much explanation but said that this method uses the GPU’s video memory buffer to store and execute malicious code. However, this method also has certain limitations, that is, it can only be used on Windows systems that support OpenGL 2.0 or above. The seller also stated that they have tested this method on Intel UHD 620/630, RX 5700, GTX 740M, and GTX 1650 graphics cards and it is feasible.

Afterward, someone pointed out on the forum that GPU-based malware has also appeared before. Just like JellyFish, this is a Linux-based GPU rootkit. However, the seller subsequently denied that their new method had any connection with JellyFish. This PoC was listed on August 8 and sold on August 25. Of course, the seller did not announce the selling price and who the other party was.

Such an attack method is theoretically very difficult to be detected by the defense software, and even if it is detected, it is difficult to delete it. It may be necessary to re-flash the vBIOS of the graphics card.