You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Hackers may have figured out a way to store and execute malicious code on a graphics card, potentially allowing it to avoid detection by antivirus software. The code has also reportedly been sold via a hacking forum, and so far we've no further indication of how dangerous the technique could be.
Code that sits undetected in GPU memory is likely very dangerous due to the potential difficulty associated with removing it, which could rely on flashing the GPU entirely—an already risky affair. However, the overall threat of the reported method will depend on what it takes to implant the code into GPU memory to begin with.
The original forum post reads:
"Sell PoC [proof-of-concept] of technique that avoid AV detects from RAM scanning. It allocates address space in GPU memory buffer, inserts and executes code from there."
The post then explains that the technique works only on Windows machines that support OpenCL 2.0 or higher—an open standard used to accelerate applications on GPUs. Also that the technique has been tested on Intel UHD 620, UHD 630, Radeon RX 5700, GeForce GTX 740M, and GeForce GTX 1650 graphics cards.
The possibility of this technique working on both AMD and Nvidia discrete GPUs would be worrying enough alone. However, the possibility of it also working across Intel iGPUs would potentially open up a much larger percentage of PCs to the exploit.
As Bleeping Computer notes, VX-Underground, which calls itself the "largest collection of malware source code, samples, and papers on the internet", is aware of such a technique and will demonstrate it soon.
Recently an unknown individual sold a malware technique to a group of Threat Actors.This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather the CPUs.We will demonstrate this technique soon.August 29, 2021
Best CPU for gaming: the top chips from Intel and AMD
Best graphics card: your perfect pixel-pusher awaits
Best SSD for gaming: get into the game ahead of the rest
This isn't the first time a GPU, and potentially OpenCL, have been used to execute malicious code. Various users point to a similar PoC called Jellyfish, which is a Linux-based GPU rootkit that works on both Nvidia and AMD GPUs and requires OpenCL drivers to function. This code hasn't been touched in six years, though its creators note that such GPU-based malware benefits from the lack of tools and software able to detect them.
Jellyfish and the more recent technique are said to differ, however, at least according to the seller of the potentially harmful PoC.
It's possible that we'll see further efforts to take advantage of GPU memory, or accelerators in general, considering their prominence in all manner of machines today. That said, there's little doubt in my mind that many exploits exist in computing at any one moment, and while manufacturers wrestle with plugging up holes in their code, it's just as important you do all you can to keep your system safe.
Usually, that means not giving malicious actors a chance to download code onto your system, after which they can usually wreak all sorts of havoc often undetected.
