Summary: In a bid to raise awareness of how malware can affect GPUs, a team of developers recently created a Linux rootkit that runs on graphics cards. In the newly released proof-of-concept, the team proved that no OS is strong enough to evade the malware and that the weakness lies in the existing security tools, not in the operating systems.
The team had already successfully infected Nvidia GPU cards with a piece of malware on both Windows and Linux operating systems. First they created WIN_JELLY to infect Windows, and now they have shown that the same is possible on Macs too, with malware called MAC_JELLY.
The malware serves as a Remote Access Tool (RAT) that enables attackers to gain control of a machine via the internet.
The team's objective is to inform industry experts that the problem lies neither in operating systems like Linux and Windows nor in the Graphics Processing Unit (GPU), but in the security tools. They claim that existing security tools are not capable of scanning the Random Access Memory (RAM) that GPUs use for malware code.
According to the researchers' paper:
“The ability to execute general purpose code on the GPU opens a whole new window of opportunity for malware authors to significantly raise the bar against existing defenses.”
The RAT allows attackers to control compromised computers and is widely used in various targeted attacks all over the world.
WIN_JELLY was released last weekend and is compatible with Windows-based devices having Nvidia GPUs or the Nvidia CUDA drivers installed.
To strengthen the defensive side, the team of developers is working on a tool called JellyScan. It will let system administrators and security researchers identify GPU-based malware.
IT World