A hacker forum sells a tool to hide malware in the GPU

Cybercriminals have become more interested in malware that executes code from the graphics processing unit (GPU) of a compromised computer. Moreover, attackers are even selling, on a hacker forum, a tool for hiding malware in GPUs from AMD and NVIDIA. The proof-of-concept (PoC) code put up for sale, according to experts, will become the starting point for new sophisticated cyberattacks.

With this approach, criminals will be able to bypass detection by anti-virus products, hide malware from scanners, and even avoid using RAM.

According to the description that the vendor attached to the PoC, this method uses GPU memory to store malicious code and launch it from that area. But there is also a caveat: the technique only works with Windows systems that support OpenCL version 2.0 or higher.

The cybercriminal's post also mentions testing the malicious code on Intel (UHD 620/630), Radeon (RX 5700) and GeForce (GTX 740M (?), GTX 1650) video cards.


Apparently, the attacker has already managed to sell the PoC code, which means that new attacks using the described method may soon await us.