Warning: Detected malicious code hidden in the graphics card's VRAM
Even advanced security systems are often left in a passive position against this kind of technique.
International cybersecurity experts have just issued a warning that hackers are actively trying to exploit victims' graphics cards by hiding malicious code inside VRAM. The tactic is meant to keep the malicious code from being detected by antivirus tools when they scan the PC's main RAM. Just a few days ago, a proof-of-concept (PoC) for a malicious tool that helps deploy this attack was sold online, according to a report from Bleeping Computer.
In theory, a hacker could hide malicious code in the graphics card's memory cache, where the rest of the system can't detect it. However, details on how this is done are still unknown. The material offered for sale by the hackers includes a malicious deployment toolkit, accompanied by a PoC described as a piece of software that allocates address space in GPU VRAM, then surreptitiously inserts and executes code from there. As mentioned, none of the current antivirus programs is equipped to scan the GPU's VRAM.
The technique requires a Windows PC that supports OpenCL 2.0 or later. The PoC is said to have worked with Intel's UHD 620/630 integrated graphics, as well as the Radeon RX 5700, GeForce GTX 740M, and GTX 1650 discrete graphics cards.
It's important to note that this isn't the first time the security world has seen an exploit of this kind. A few years ago, an international team of security researchers announced an open-source attack called Jellyfish, which used the LD_PRELOAD technique together with OpenCL to connect system calls and the GPU and force execution of malicious code from the GPU. Details of this attack are available on GitHub. It shows that hackers can use OpenCL to hide code in the GPU without being detected by the PC.
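For the Linux case described above, the following is an added example (not code from the article, the Jellyfish project, or any antivirus product) of a host-side triage heuristic: it flags a process that both has a library forced in through `LD_PRELOAD` or `/etc/ld.so.preload` and has the OpenCL runtime mapped. The function names, the allowlist parameter, and the sample `/proc` contents are assumptions constructed for illustration.

```python
import re

# File names that indicate the OpenCL runtime is mapped into a process.
OPENCL_LIB = re.compile(r"/libOpenCL\.so(\.\d+)*$")

def preload_entries(environ_bytes, ld_so_preload_text=""):
    """Libraries forced into a process via LD_PRELOAD or /etc/ld.so.preload."""
    libs = []
    for var in environ_bytes.split(b"\0"):        # /proc/<pid>/environ is NUL-separated
        if var.startswith(b"LD_PRELOAD="):
            value = var[len(b"LD_PRELOAD="):].decode("utf-8", "replace")
            libs += [p for p in re.split(r"[:\s]+", value) if p]
    for line in ld_so_preload_text.splitlines():  # system-wide preload file
        line = line.split("#", 1)[0].strip()      # drop comments
        libs += [p for p in re.split(r"[:\s]+", line) if p]
    return libs

def mapped_files(maps_text):
    """File paths mapped into a process, parsed from /proc/<pid>/maps text."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)              # addr perms offset dev inode path
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5].replace(" (deleted)", ""))
    return paths

def triage(pid, environ_bytes, maps_text, ld_so_preload_text="", allowlist=()):
    """Flag a process with a non-allowlisted preload AND the OpenCL runtime mapped."""
    preloads = [p for p in preload_entries(environ_bytes, ld_so_preload_text)
                if p not in allowlist]
    opencl = sorted(p for p in mapped_files(maps_text) if OPENCL_LIB.search(p))
    return {"pid": pid, "preloads": preloads, "opencl": opencl,
            "suspicious": bool(preloads and opencl)}

# Constructed sample data (not from a real host and not from Jellyfish itself).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.cache/libhook.so\0HOME=/root\0"
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a021000 r-xp 00000000 08:01 131 /tmp/.cache/libhook.so
7f1c2a400000-7f1c2a40a000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libOpenCL.so.1.0.0
7f1c2b000000-7f1c2b1c0000 r-xp 00000000 08:01 412 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print(triage(4242, SAMPLE_ENVIRON, SAMPLE_MAPS))
```

A hit is only a lead for further review, since legitimate profilers and GPU workloads can combine a preload with OpenCL; on a live host the inputs would be read from `/proc/<pid>/environ`, `/proc/<pid>/maps` and `/etc/ld.so.preload`.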