Windows – Jellyfish GPU R.A.T. (rootkit)

Developers of team Jellyfish have posted a PoC of a portable-executable GPU remote access tool. They already posted a Linux version earlier this week.

Tapping an infected computer’s GPU allows malware to run without the usual software hooks or modifications malware makes in the operating system kernel. Those modifications can be dead giveaways that a system is infected.

Advantages of GPU-resident rootkits:

  • No GPU malware analysis tools available on the web
  • Can snoop on CPU host memory via DMA
  • GPU can be used for fast mathematical calculations like XORing or parsing
  • Stubs
  • Malicious memory may be retained across warm reboots. (Did more conclusive research on the theory of malicious memory still being in the GPU after shutdown)
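A check a defender would want for the last point above, added here as an example and not code from team Jellyfish: allocate a fresh GPU buffer without initialising it, read it back to the host and report whether anything non-zero survived. The GPU read assumes the third-party pyopencl and numpy packages are installed (an assumption; the post does not name them); the analysis helpers are pure Python and fall back to a constructed sample buffer when no OpenCL device is present.

```python
"""Residual-VRAM check for the 'memory survives reboot' claim.

Added example, not Jellyfish code.  The GPU path assumes the optional
third-party packages pyopencl and numpy; the analysis helpers are pure
Python and are exercised on a constructed sample when no GPU is available.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Optional


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for an all-zero (scrubbed) buffer."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def printable_strings(data: bytes, min_len: int = 6) -> List[str]:
    """ASCII runs, the same heuristic `strings` uses, to spot leftover text."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def analyse_buffer(data: bytes) -> Dict[str, object]:
    """Summarise a read-back buffer: how much of it is non-zero and what it holds."""
    nonzero = sum(1 for b in data if b)
    return {
        "size": len(data),
        "nonzero_bytes": nonzero,
        "nonzero_fraction": nonzero / len(data) if data else 0.0,
        "entropy_bits_per_byte": round(shannon_entropy(data), 3),
        "strings": printable_strings(data),
        # A driver that zeroes freed VRAM hands back an all-zero buffer;
        # any non-zero byte is data that outlived its previous owner.
        "residue_present": nonzero > 0,
    }


def read_uninitialised_gpu_buffer(size: int = 64 * 1024 * 1024) -> Optional[bytes]:
    """Allocate a buffer, never write to it, and copy it to the host.

    Returns None when pyopencl/numpy or an OpenCL device is unavailable.
    """
    try:
        import numpy as np
        import pyopencl as cl
    except ImportError:
        return None
    platforms = cl.get_platforms()
    if not platforms:
        return None
    devices = platforms[0].get_devices()
    if not devices:
        return None
    ctx = cl.Context(devices=[devices[0]])
    queue = cl.CommandQueue(ctx)
    host = np.zeros(size, dtype=np.uint8)
    # No host pointer and no fill: the contents are whatever the driver left.
    buf = cl.Buffer(ctx, cl.mem_flags.READ_WRITE, size=size)
    cl.enqueue_copy(queue, host, buf)
    queue.finish()
    return host.tobytes()


# Constructed samples standing in for a read-back: one is fully scrubbed,
# the other is mostly zero with a region of leftover data in the middle.
SAMPLE_CLEAN = b"\x00" * 8192
SAMPLE_RESIDUE = (
    b"\x00" * 4096
    + b"LEFTOVER-BUFFER-TAG\x00"
    + bytes(range(256)) * 4
    + b"\x00" * 4096
)

if __name__ == "__main__":
    data = read_uninitialised_gpu_buffer()
    if data is None:
        print("no OpenCL runtime/device; analysing the constructed sample instead")
        data = SAMPLE_RESIDUE
    report = analyse_buffer(data)
    for key, value in report.items():
        if key != "strings":
            print(f"{key}: {value}")
    for s in report["strings"][:10]:
        print("  string:", s)
```

Run it once, reboot without cutting power, and run it again: a buffer that comes back all zeros suggests the driver scrubs freed VRAM, while recognisable strings or high-entropy regions show data surviving from an earlier owner. One allocation samples only a slice of VRAM, and some runtimes zero pages lazily on first touch, so a clean result is evidence rather than proof.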

It is just a matter of time until a version emerges that runs on graphics processors integrated into CPUs.