Rootkits or Keyloggers can hide on a Graphics Card and gain access to your computer

The Graphics card on your Windows PC could be the next attack destination for malware spreaders says a recent report published by a group of developers. Developers have said that graphics card is the new opening that can be easily exploited by attackers in the near future. Most antivirus software scan just the hard drives and memory locations for malware, however they do not have any checks for a Graphic Card’s processor unit (GPU).

rootkit

Cybercriminals have a valid reason for moving their attention from the conventional central processing unit (CPU), owing to the enhanced functionality of the graphics card build these days. Most GPU’s are built to perform complex and intensive operations. An example could be of password cracking and Bitcoin mining. With so much dependence built on GPU, an attacker can take advantage of knotty encryption algorithms and serpentine polymorphic algorithms to disguise and strengthen the armor of their code via Graphics card.

Presenting a basis of their study, the anonymous developers released its Demon keylogger proof-of-concept code, demonstrating how GPU-based malware could capture all keystrokes and store them in the GPU memory. Following the keystrokes means, that malware could then go on to steal passwords, personal communications and login credentials without being detected by any antivirus or keylogger detector software.

The developers released an educational rootkit named as Jellyfish, which is virtually undetectable by current antivirus programs. Jellyfish is capable of running on NVidia, AMD, and Intel hardware and snoops on CPU host memory via direct memory access (DMA). This superior feature allows hardware components to read the main system memory without going through the CPU, making such operations harder to detect by conventional anti-virus programs. Moreover, the malicious GPU memory persists even after the system is shut down!

The researchers however warned against using Jellyfish rootkit, saying that the code is still in progress. Moreover, the rootkit code is intended to be used for educational purposes only, and developers of the code are not responsible if it is exploited illegally.

Seeing the present scenario, it would be safe to assume that a time will come when GPU based attacks become a reality. A study like this has certainly opened new avenues for attackers to look at.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.