Malware Using GPU To Hide

Yes, you read that title correctly: malware that uses the GPU instead of the CPU to remain hidden. Basically, this malware uses the GPU's dedicated RAM and processors. The rootkit, dubbed 'Jellyfish', is a proof of concept designed by a team of developers for Linux systems.

Since there are no tools available to analyze GPU malware, such threats are very alarming. The malware can also snoop on the host's primary memory, which is used by most other programs, via DMA (direct memory access), the researchers said.

The malicious GPU memory persists even after the system is shut down, they added.

The researchers also created a GPU-based keylogger called Demon that's inspired by a 2013 academic research paper titled "You Can Type, but You Can't Hide: A Stealthy GPU-based Keylogger."

"The key idea behind our approach is to monitor the system’s keyboard buffer directly from the GPU via DMA, without any hooks or modifications in the kernel's code and data structures besides the page table. The evaluation of our prototype implementation shows that a GPU-based keylogger can effectively record all user keystrokes, store them in the memory space of the GPU, and even analyze the recorded data in-place, with negligible runtime overhead," the researchers behind the 2013 paper wrote.

You don't need to worry about malicious hackers using GPU-based malware yet. If they develop malware like Jellyfish and Demon, there will be some good tools to analyze GPU malware.
