Malware is a moving target. Just when we think we have a handle on things, it morphs.
Ars Technica is reporting about GPU based malware. Two proof of concept malware samples, Jellyfish and Demon, run entirely on the graphics processor or GPU which typically lives on the video card.
This means that it is unlikely that any traditional anti-malware software would even know that it was there. In most computers, the GPU runs as a “bus master” meaning that it has full control of the computer and can do anything that the operating system can do.
Currently, the sample malware runs on two graphics cards – Nvidia and AMD. These two vendors are major players in the market, so this malware will run on a large number of systems.
In concept, since many phones have GPUs these days, it is possible that this code could be ported to run on your phone.
The key logger software, for example, can monitor the keyboard buffer as a DMA master completely undetected.
In March Kaspersky Labs revealed malware that ran inside the disk controller card. That malware had been around for about 14 years.
Since no software currently detects GPU malware, we have no idea if this malware is unique or not.
Just like the disk controller malware only runs on certain disk drives, Jellyfish only runs on computers that have a particular GPU, so both of these forms of malware have a somewhat limited market.
Still, most high end computers have a GPU and they might be valuable targets.
Buy your GPU Anti Malware software now (oh, wait, that doesn’t exist). Sorry.