Tuesday, 12 May 2015

Researchers Hide Malware In Video Card

Researchers have managed to develop malware for Linux and Windows that can hide in the video card. A version for the Mac is reportedly to be developed as well. The malware consists of the Linux-based rootkit Jellyfish and the keylogger Demon, a proof-of-concept of which has appeared on the website GitHub. The Linux version was published last week, and a version for Windows has now been put online too.

According to the developers, one of whom is unknown, malware that can hide itself in the video card has several advantages. There are no tools available on the Internet for analyzing "GPU malware". In addition, the video card's GPU can be used for all kinds of mathematical calculations. The researchers' Demon keylogger is based on a keylogger that was already presented in 2013. The keylogger can store the user's keystrokes in the memory of the video card.


Both malware samples require a graphics card with an AMD or Nvidia chip to work. Cards with an Intel chipset are supported through a specific software development kit. The rootkit also uses the OpenCL API of the Khronos Group, a consortium of GPU vendors and other companies that develops open standards. The OpenCL drivers must also be present on the attacked system for the rootkit to function. The Windows version of the malware is described as a remote access tool (RAT) and copies a DLL file from the hard drive to the memory of the video card.

If the system is restarted, the DLL is looked for in GPU memory and, if found, executed without any activity taking place on the hard drive. The Windows version likewise requires specific drivers and a software development kit to be present on the computer. The researchers state that the malware is still in development, that they developed it for educational purposes only, and that they are not responsible for its use by third parties.
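Because the rootkit depends on the OpenCL API and installed OpenCL drivers, a defender can at least inventory which Linux processes have an OpenCL library mapped and review the ones that are not expected to use the GPU. The following is an added example, not code from the researchers or from this post; the library name list, the `expected` allowlist and the sample data are assumptions, and a hit is a triage lead rather than proof of compromise.

```python
import os
import re

# OpenCL loader and vendor runtime file names (assumed starting list; extend per fleet).
OPENCL_LIB = re.compile(r"libOpenCL\.so|libnvidia-opencl\.so|libamdocl(64|32)?\.so", re.I)

def opencl_mappings(maps_text):
    """Return sorted OpenCL library paths named in the text of /proc/<pid>/maps."""
    found = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]; anonymous maps have no path.
        parts = line.split(None, 5)
        if len(parts) == 6 and OPENCL_LIB.search(os.path.basename(parts[5])):
            found.add(parts[5].strip())
    return sorted(found)

def review_candidates(procs, expected):
    """procs maps pid -> (comm, maps_text); expected is the set of process names
    known to use OpenCL. Returns (pid, comm, libs) for every other process that maps it."""
    hits = []
    for pid, (comm, maps_text) in sorted(procs.items()):
        libs = opencl_mappings(maps_text)
        if libs and comm not in expected:
            hits.append((pid, comm, libs))
    return hits

def snapshot_proc(root="/proc"):
    """Collect comm and maps for every process the caller is allowed to read."""
    procs = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "comm"), errors="replace") as f:
                    comm = f.read().strip()
                with open(os.path.join(root, entry, "maps"), errors="replace") as f:
                    procs[int(entry)] = (comm, f.read())
            except OSError:  # process exited or access denied
                continue
    return procs

# Constructed sample data, used when no Linux /proc is available.
LIB = "7f3a1c000000-7f3a1c021000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libOpenCL.so.1.0.0\n"
LIBC = "7f3a1c400000-7f3a1c5c0000 r-xp 00000000 08:01 1402 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
ANON = "7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0\n"
SAMPLE = {101: ("blender", LIBC + LIB), 202: ("sshd", LIBC + ANON), 303: ("updater", ANON + LIB + LIBC)}

if __name__ == "__main__":
    procs = snapshot_proc() if os.path.exists("/proc/self/maps") else SAMPLE
    for pid, comm, libs in review_candidates(procs, expected={"blender"}):
        print(f"review pid={pid} comm={comm} opencl={libs}")
```

Run it as root to see every process; without privileges it only covers processes owned by the calling user.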
