{"id":3008,"date":"2021-09-01T14:15:40","date_gmt":"2021-09-01T08:45:40","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3008"},"modified":"2021-09-01T14:15:41","modified_gmt":"2021-09-01T08:45:41","slug":"how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/","title":{"rendered":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs?"},"content":{"rendered":"\n<p>Cybercriminals are making strides toward attacks with malware that can run code from the Graphics Processing Unit (GPU) of a compromised system. While the method is not new and demo code has been posted before, projects so far came from the academic world or were incomplete and unrefined.<\/p>\n\n\n\n<p>The proof-of-concept (PoC) was sold on a hacker forum at the start of this month, most likely marking attackers\u2019 transition to a new level of sophistication for their attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Code Tested on AMD, Intel, and Nvidia GPUs<\/strong><\/h2>\n\n\n\n<p>In a short post on a hacker forum, someone offered to sell the proof-of-concept (PoC) for a technique they say keeps malicious code safe from security solutions scanning the system RAM. 
The seller provided only an overview of their method, stating that it uses the GPU memory buffer to store malicious code and to run it from there.<\/p>\n\n\n\n<p>According to the advertiser, the project works only on Windows systems that support versions 2.0 and above of the OpenCL framework for running code on different processors, GPUs included.<\/p>\n\n\n\n<p>The post, shown below, mentions that the author tested the code on graphics cards from Intel (UHD 620\/630), Radeon (RX 5700), and GeForce (GTX 740m (?), GTX 1650).<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"927\" height=\"337\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image1.jpg\" alt=\"How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image1\" class=\"wp-image-3011\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image1.jpg 927w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image1-300x109.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image1-768x279.jpg 768w\" sizes=\"(max-width: 927px) 100vw, 927px\" \/><\/figure><\/div>\n\n\n\n<p>The announcement appeared on August 8. About two weeks later, on August 25, the seller replied that they had sold the PoC, without revealing the terms of the deal. Another member of the hacker forum pointed out that a GPU-based Trojan has been done before, pointing to JellyFish \u2013 a six-year-old PoC for a Linux-based GPU rootkit.<\/p>\n\n\n\n<p>In a tweet on Sunday, researchers at the VX-Underground threat repository stated that the malicious code enables binary execution by the GPU in its memory space. 
They also stated that they will demonstrate the technique in the future.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"580\" height=\"338\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image2.jpg\" alt=\"How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image2\" class=\"wp-image-3012\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image2.jpg 580w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-image2-300x175.jpg 300w\" sizes=\"(max-width: 580px) 100vw, 580px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is the Academic Research?<\/strong><\/h2>\n\n\n\n<p>The same researchers behind the JellyFish rootkit also published PoCs for a GPU-based keylogger and a GPU-based remote access malware for Windows. All three projects were published in May 2015 and have been publicly available.<\/p>\n\n\n\n<p>The seller rejected the association with the JellyFish malware, saying that their method is different and does not rely on code mapping back to userspace. There are no details about the deal, who bought it, or how much they paid. There is only the seller\u2019s post saying that they sold the malware to an unknown party.<\/p>\n\n\n\n<p>While the reference to the JellyFish project suggests that GPU-based malware is a relatively new idea, the groundwork for this attack method was laid about eight years ago. 
In 2013, researchers at the Institute of Computer Science &#8211; Foundation for Research and Technology (FORTH) in Greece and Columbia University in New York showed that GPUs can host the operation of a keylogger and store the captured keystrokes in their memory space.<\/p>\n\n\n\n<p>Previously, the researchers demonstrated that malware authors can take advantage of the GPU\u2019s computational power to pack the code with very complex encryption schemes much faster than the CPU.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are making strides toward attacks with malware that can run code from the Graphics Processing Unit (GPU) of a compromised system. While the method is not new and demo code has been posted before, projects so far came from the academic world or were incomplete and unrefined. The proof-of-concept (PoC) was [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3010,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? 
- Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Cybercriminals are making strides toward attacks with malware that can run code from the Graphics Processing Unit (GPU) of a compromised system. While the method is not new and demo code has been posted before, projects so far came from the academic world or were incomplete and unrefined. The proof-of-concept (PoC) was [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-01T08:45:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-01T08:45:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-feature-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs?\",\"datePublished\":\"2021-09-01T08:45:40+00:00\",\"dateModified\":\"2021-09-01T08:45:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\"},\"wordCount\":508,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\",\"url\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\",\"name\":\"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-01T08:45:40+00:00\",\"dateModified\":\"2021-09-01T08:45:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/","og_locale":"en_US","og_type":"article","og_title":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? 
- Xiarch Solutions Private Limited","og_description":"Cybercriminals are making strides toward attacks with malware that can run code from the Graphics Processing Unit (GPU) of a compromised system. While the method is not new and demo code has been posted before, projects so far came from the academic world or were incomplete and unrefined. The proof-of-concept (PoC) was [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-01T08:45:40+00:00","article_modified_time":"2021-09-01T08:45:41+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-Hackers-Sells-Tool-to-Hide-Malware-in-AMD-NVIDIA-GPUs-feature-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs?","datePublished":"2021-09-01T08:45:40+00:00","dateModified":"2021-09-01T08:45:41+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/"},"wordCount":508,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/","url":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/","name":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs? 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-01T08:45:40+00:00","dateModified":"2021-09-01T08:45:41+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/how-hackers-sells-tool-to-hide-malware-in-amd-nvidia-gpus\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How Hackers Sells Tool to Hide Malware in AMD, NVIDIA GPUs?"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3008"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3008"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3008\/revisions"}],"predecessor-version":[{"id":3013,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3008\/revisions\/3013"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3010"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}