
Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs


Mr.Scienceman2000


https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/

In short, someone was selling an exploit for Windows on hacker forums that allowed storing hidden malware in GPU VRAM, and a few weeks later that person stated the exploit had been sold. On August 29 2021, vx-underground released a tweet stating that the malicious code enables binary execution by the GPU in its memory space and that it would demonstrate it soon. That way antiviruses would not be able to detect it while executing. The exploit works on any OpenCL 2.0 compatible GPU.


But I do have some questions about that. RAM data is lost on power loss, so where does the file live outside it? It must have a payload somewhere on the hard drive or write itself to UEFI or another chip. Writing to the hard drive means the virus can be detected on the drive using advanced methods such as rootkit scanners, and even if it erases itself from the HDD at boot and writes itself back on shutdown, I can permanently get rid of it by unplugging the computer while it is on, causing it to disappear from VRAM. Also, depending on the size of the malware, VRAM may not be enough for it (Nvidia Riva TNT to the rescue), or it may cause a reduced amount of free VRAM, or the malware may crash if a VRAM-intensive application is run. If it writes itself to flash it may not work properly or it can brick the system.


I would not lose sleep over that. It is a concern, but normal security practices should keep you safe from it. I mostly assume that it could be used to exploit servers with GPUs that are running 24/7.



They are usually rootkits.
Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access.
Malware usually exploits a vulnerability in the OS and/or some installed application.
That is why it is important to use specific Anti-Exploit software.
If the malware that "carries" a possible rootkit is blocked, the rootkit is indirectly stopped as well.
On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult than that of "common" malware.
And often the OS is so badly damaged that it needs to be re-installed.

Edited by Sampei.Nihira

40 minutes ago, Sampei.Nihira said:

They are usually rootkits.
Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access.
Malware usually exploits a vulnerability in the OS and/or some installed application.
That is why it is important to use specific Anti-Exploit software.

I also use advanced detection like network-level packet scanning with OS-side blocking. In case the exploit shield is bypassed and I get infected, if it wants to spy or get remote access it still must do it through my network, leaving a trace in the logs.

40 minutes ago, Sampei.Nihira said:

On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult than that of "common" malware.
And often the OS is so badly damaged that it needs to be re-installed.

I wipe the disk, then use a clean snapshot from the HDD or a fresh install if I get infected. Also reset any network passwords, since the hacker may have stored them to regain access. I know some examples of that where the hacker came back later using stolen network or VPN passwords. Some rootkits may hide in the MBR or file table, so restoring or making a new partition may not help.

Edited by Mr.Scienceman2000
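To make the "it must go through my network, leaving a trace in the logs" point from the post above concrete, here is an added example that is not part of the thread or of any product mentioned in it: a small Python script that reviews egress firewall log lines for destinations outside a known baseline and for connections that recur at a near-constant interval, the beaconing pattern a remote-access implant typically shows. The log format, host addresses, baseline and thresholds are all constructed for the illustration.

```python
"""
Added example (not from the thread): review constructed egress firewall
logs for (1) destinations outside an administrator-maintained baseline and
(2) connections that repeat at a fixed interval, which is what a
remote-access implant's check-ins usually look like on the wire.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of an egress firewall log, one line per flow.
# The addresses are documentation/test ranges, not real hosts.
SAMPLE_LOG = """\
2021-09-01T10:00:05 ALLOW src=10.0.0.12 dst=93.184.216.34 dport=443 proto=tcp
2021-09-01T10:00:35 ALLOW src=10.0.0.12 dst=198.51.100.7 dport=8443 proto=tcp
2021-09-01T10:01:05 ALLOW src=10.0.0.12 dst=198.51.100.7 dport=8443 proto=tcp
2021-09-01T10:01:35 ALLOW src=10.0.0.12 dst=198.51.100.7 dport=8443 proto=tcp
2021-09-01T10:02:05 ALLOW src=10.0.0.12 dst=198.51.100.7 dport=8443 proto=tcp
2021-09-01T10:02:35 ALLOW src=10.0.0.12 dst=198.51.100.7 dport=8443 proto=tcp
2021-09-01T10:03:10 ALLOW src=10.0.0.20 dst=93.184.216.34 dport=443 proto=tcp
2021-09-01T10:04:00 ALLOW src=10.0.0.20 dst=203.0.113.9 dport=53 proto=udp
"""

# Constructed baseline: destinations the administrator expects to see.
KNOWN_DESTINATIONS = {"93.184.216.34", "203.0.113.9"}

# Assumed log line layout (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_log(text):
    """Turn log text into a list of flow dicts; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["dport"] = int(rec["dport"])
        flows.append(rec)
    return flows


def unknown_destinations(flows, baseline):
    """Map each internal source to the permitted destinations it reached
    that are not in the baseline. Only ALLOW entries matter: a DENY already
    means the firewall stopped the traffic."""
    unknown = defaultdict(set)
    for f in flows:
        if f["action"] == "ALLOW" and f["dst"] not in baseline:
            unknown[f["src"]].add(f["dst"])
    return dict(unknown)


def beaconing_candidates(flows, min_flows=4, max_jitter=5.0):
    """Flag (src, dst, dport) tuples whose connections recur at a near-constant
    interval: at least `min_flows` flows whose gaps differ by at most
    `max_jitter` seconds. Returns (src, dst, dport, median_gap_seconds)."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    hits = []
    for key, stamps in by_pair.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if max(gaps) - min(gaps) <= max_jitter:
            hits.append((*key, statistics.median(gaps)))
    return hits


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for src, dsts in unknown_destinations(flows, KNOWN_DESTINATIONS).items():
        print(f"{src} reached destinations outside the baseline: {sorted(dsts)}")
    for src, dst, dport, gap in beaconing_candidates(flows):
        print(f"{src} -> {dst}:{dport} every ~{gap:.0f}s (possible beacon)")
```

Run as-is it reports that 10.0.0.12 reached 198.51.100.7, which is not in the baseline, and that it did so every 30 seconds on port 8443. On real logs the baseline would be built from a quiet period and the jitter threshold tuned to the environment; the value of the check is that it needs nothing from the possibly compromised host itself.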

9 minutes ago, Sampei.Nihira said:

Why not also use Anti-Exploit software?
The one in WD is very good. :yes:
Usually with non-Microsoft software it is possible to use 12 rules on x64 OSes, which can become 14 on Microsoft software.
Also using IL AppContainer apps helps a lot.

I meant I use anti-exploit software and then other methods combined with it in case one fails. Never put all your eggs in one basket. Most modern non-phishing attacks are exploits or other methods. Multilayer security, starting at the network firewall level up to OS exploit shielding, using script blockers in the browser. My security would be considered paranoia by many, but better safe than sorry :rolleyes:. And I am still not 360 degrees secured. Someone who is motivated to attack could do it, but normal scripts or mass-spread exploits won't :yes:. Even if I had a fully libre ThinkPad with Qubes OS, someone would be able to break in if they had all the motivation and dedication.

Edited by Mr.Scienceman2000

  • 1 month later...

It's news like this that makes me want to return to only my solar calculator and abacus. In fact, I don't even trust my digital alarm clock; I think I'll dig out my cuckoo clock from the moldy basement. Actually, everything I own is cuckoo ... oh don't be so shocked :D

https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html


"The impact of Gummy Browsers can be devastating and lasting on the online security and privacy of the users, especially given that browser-fingerprinting is starting to get widely adopted in the real world," the researchers concluded. "In light of this attack, our work raises the question of whether browser fingerprinting is safe to deploy on a large scale."

Edited by XPerceniol

13 minutes ago, XPerceniol said:

It's news like this that makes me want to return to only my solar calculator and abacus. In fact, I don't even trust my digital alarm clock; I think I'll dig out my cuckoo clock from the moldy basement. Actually, everything I own is cuckoo ... oh don't be so shocked :D

https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

I've been researching and don't see any answers on how to prevent this from happening, and it sounds awful to be honest. I doubt malware scanners would even detect it. It seems just visiting a malicious site could leave one vulnerable.

Has anybody else heard of this?


