According to Bleeping Computer, hackers have discovered a new method of storing viruses in a graphics card’s memory. With this method, the code is kept in graphics card memory instead of system memory. According to the advertisement on hacking forums, antivirus software cannot detect it.
The code is executed from the graphics memory allocation space. On Windows 10, it uses the OpenCL 2.0 API. Luckily, it doesn’t affect other systems.
The hacker confirms that the code was tested on Intel’s UHD 620/630 graphics, the Radeon RX 5700 GPU, and the GeForce GTX 740M and GTX 1650 discrete cards. It remains unclear whether other graphics cards are affected. Assuming that it relies on OpenCL 2.0, it will most probably be compatible with other recent GPUs too.
The use of graphics memory to execute malicious code is not a new concept. Researchers demonstrated it back in 2015 using a GPU-based keylogger and remote access trojans for Windows. However, the malware’s author claims that this method is new and not associated with those earlier methods.
Researchers at vx-underground will soon show the technique behind this new virus. They confirmed that the GPU executes malware binaries from within the GPU memory space.
Recently an unknown individual sold a malware technique to a group of Threat Actors.
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather than the CPUs.
We will demonstrate this technique soon.
— vx-underground (@vxunderground) August 29, 2021