Do you know that as of right now, Cybercriminals are looking to exploit you by hiding malicious code inside of its VRAM? Yes, that’s true and according to cyber experts, this process allows the code from being detected by antivirus scanners sweeping the PC’s main RAM. According to reports, a proof-of-concept (POC) for a tool that makes this possible was sold online, just a few days ago.
Graphics cards have only one purpose and that’s providing an accelerating 3D workload. But the current modern graphics cards, especially the best ranking ones have their complete ecosystems which focus on accelerating graphics. They have thousands of cores for video acceleration, and amongst them, a few control cores also have their memory buffer (VRAM) to load all of those game textures.
According to recent reports, it’s possible to hide the malicious code in the graphic card’s memory buffer and the rest of the system will not even detect it. However, there are not many details revealed about this new hack but the posting hit the web on August 8 and was reportedly sold by August 25 for an undisclosed amount.
Though it’s not clear as to how the exploit will work the hacker offered the toolkit with the PoC describing it as an exploit that allocates address space in the GPU VRAM and stealthily inserts and executes the code from there since antivirus can not scan a GPU’s VRAM.
Recently an unknown individual sold a malware technique to a group of Threat Actors.
— vx-underground (@vxunderground) August 29, 2021
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather the CPUs.
We will demonstrate this technique soon.
This isn’t the first time there has appeared an exploit such as these, just a few years back researchers published the open-source Jellyfish attack that exploited the LD_PRELOAD technique from OpenCL to connect system calls and the GPU. It forced malicious code execution from the GPU and the PC was unable to detect its existence.
