A proof-of-concept attack method using malware that would reside in graphics memory has recently been sold on a hacker forum, according to Bleeping Computer. The listing states that it is possible to hide malicious code in the graphics card memory, evading detection by the system.
Complete details weren't given, but the listing also states that this method keeps the malicious code safe in VRAM because antivirus software cannot scan GPU memory. The exploit is stated to have been tested on devices supporting OpenCL 2.0 or higher, and reportedly works on the AMD Radeon RX 5700, NVIDIA GTX 1650 and GTX 740M, as well as Intel UHD 620/630.
Research group VX-underground posted on Twitter that they will be demonstrating this technique soon:
Recently an unknown individual sold a malware technique to a group of Threat Actors.
This malcode allowed binaries to be executed by the GPU, and in GPU memory address space, rather than the CPUs.
We will demonstrate this technique soon.
— vx-underground (@vxunderground) August 29, 2021