GPU-Assisted Malware Can Be Difficult to Detect

While GPUs bring parallel processing and superior graphics to the PC, they can also be tools for malicious purposes.

According to a research paper entitled GPU-Assisted Malware, a team of scientists from Greece and the U.S. has developed proof-of-concept code that dumps malware components onto the GPU during the "unpacking" process of an executed malicious file, evading traditional security defenses.

Typically, self-unpacking methods are used to evade signature-based anti-virus scanning: they allow the hacker to change the compression or encryption when needed without altering the entire package, making the hidden payload hard to detect. However, these methods require access to the PC's CPU, which in turn presents limitations. Now hackers can conceivably use the GPU to create even more complex encryption schemes that wouldn't be possible solely on a CPU.

"Implementing the self-unpacking functionality of a malware binary using GPU code can pose significant obstacles to current malware detection and analysis systems," the scientists wrote in the research paper. "A malware author can take advantage of the computational power of modern graphics processors and pack the malware with extremely complex encryption schemes that ... can be efficiently computed due to the massively parallel architecture of GPUs."

The paper explains that once the malicious code is unpacked by the GPU, it is placed into a memory location accessible by the CPU and then executed by the CPU. This approach calls for the majority of the code to be written for the GPU, leaving little that runs on Intel's x86 chip architecture and a rather small footprint in system memory. As a result, current security solutions will have an even harder time detecting malicious activity.

To make matters worse, GPU-assisted malware will be even more difficult for security researchers to reverse-engineer and analyze, thanks to the GPU's ability to decode and re-encode segments of the malware more quickly. "Although complete extraction of the original code is still possible by a determined malware analyst, when combined with existing anti-debugging techniques, this form of GPU-assisted polymorphism makes the whole reverse engineering process a challenging and time-consuming task," the paper states.

To learn more about the proof-of-concept code, read the PDF file here. The team plans to fully disclose its findings next month at the IEEE's International Conference on Malicious and Unwanted Software.

    Top Comments
  • duzcizgi
    mayankleoboy1: "assholes just gave an idea to the hackers"

    Considering there are about 6 billion people in the world and also considering that the hackers have all above average education and intelligence, this paper is not giving them any new ideas but just warning the rest of the community on this possibility.

    As the paper states, it is nearly impossible to detect such malware with the conventional methods that we all use in our current "security suites" that we pay subscription for security of our computer.

    In short, there's no guarantee that someone already exploited this (if I was a malware author, I'd have silently used it and shut my mouth) but none of our antivirus/antimalware programs were able to even detect its presence!
  • alikum
    should I dump my graphics card and stick to 800x600 instead?
  • Anonymous
    "This malware requires DX11 to run. Please upgrade your graphics card."
    Other Comments
  • Parsian
    fascinating and "oh crap"
  • yyk71200
    So, will NVidia and ATI have to incorporate an antivirus into their drivers?