If miners can greedily use graphics cards for purposes other than gaming, so can cyber criminals with their nefarious operations. These people managed to create a proof-of-concept tool that can execute code from the GPU, and they’re selling it at the black market.
As first reported by Bleeping Computer, the tool allows a hacker to embed malicious code on a graphics card and allow it to execute without getting detected by antivirus software.
A hacker who reportedly sold the tool on a hacking forum claimed that it involves a technique capable of avoiding AV detection from RAM scanning. Somehow the tool can reserve addresses in the graphics card memory buffer for malicious code, and then execute the code from there.
The hacker went on to say that computers running Windows with the OpenCL 2.0 or later framework can be used for the technique. Graphics cards on which the tool has been successfully tested include the GeForce GTX 1650, Radeon RX 5700, and Intel UHD 630.
In the past, rootkits and keyloggers had also been developed that could run on an infected GPU.