New Rootkit Uses Your Graphics Card as Blind Spot
Bohs Hansen / 10 years ago
Viruses, Trojans and Malware all have one thing in common, they try to stay hidden and move around so they won’t be detected before the job is done and the user discovers the unwanted piece of software. As the anti-virus tools become better, researchers are looking for new areas where they can hide their unwanted code – and they found one.
The development team JellyFish released a new Linux Rootkit demonstrating the Trojans invasion capabilities, going through the GPU to gain full control of your entire system.
Most security software available now will only scan your physical media and your memory, not your video memory. This already makes it the perfect spot to hide your code. The general development and power that graphics cards hold these days is another advantage that bad coders can take advantage off. GPUs are pretty much the most powerful part of any system and it can perform its actions in a fraction of the time that your CPU would need.
Using its techniques, the Linux Rootkit is able to get the highest management authority of the entire computer. After successfully obtaining privileges, an attacker can basically do what eve he wants, steal personal information and data to name the most obvious.
Windows and Mac OS X users shouldn’t feel secure either as a version for both systems is in development. The Windows tool currently only supports NVIDIA graphics cards and the machine must have CUDA tools and the appropriate drivers. The Linux Rootkit supports both AMD and NVIDIA cards but does require OpenCL drivers to be installed.
Mac OS X users might be the easiest target as the version will support both AMD and NVIDIA graphics cards and Mac OS X has OpenCL drivers enabled by default.
The good news on all of this is that it is a proof of concept and doesn’t do anything ‘bad’ as it is. The developers are also working on a JellyScan tool to detect and deal with threats of this kind.