A bunch of enterprising Russian hackers has developed malware capable of hiding itself in graphics cards. The malicious tool has reportedly been sold to cyber criminals on a Russian forum, and the group is expected to demonstrate the vulnerability soon. According to the individual who sold it, the tool remains hidden in the graphics memory and executes from there.
This allows it to bypass existing protections, as most security measures focus on the CPU and system RAM. According to Bleeping Computer, this isn’t the first malware of its kind (one that hides in GPU memory). That distinction goes to the JellyFish rootkit. However, this newer tool differs from JellyFish in that it does not use code mapping to userspace.
The hackers claim that the malware works on Intel’s integrated UHD 620 and 630 graphics, as well as some of the latest NVIDIA and AMD discrete GPUs. So far, it has been successful on the Radeon RX 5700 (Navi 10), GeForce GTX 740M, and the GeForce GTX 16-series lineup. In terms of compatibility, it works on Windows workstations that support OpenCL 2.0 or newer.