GPU-based rootkit and keylogger offer superior stealth and computing power

[JMH]

Developers have published two pieces of malware that take the highly unusual step of completely running on an infected computer's graphics card, rather than its CPU, to enhance their stealthiness and give them increased computational abilities.

Both the Jellyfish rootkit and the Demon keylogger are described as proofs-of-concept by their pseudo-anonymous developers, whom Ars was unable to contact. Tapping an infected computer's GPU allows malware to run without the usual software hooks or modifications malware makes in the operating system kernel. Those modifications can be dead giveaways that a system is infected.

GPU-based rootkit and keylogger offer superior stealth and computing power | Ars Technica

 

[Patrick]

It's a good step forward forward for future malware being developed, as almost no tools exist aside from the ones nVidia recently pushed after being contacted about it by a speaker. It's new, that's basically it.

There's no set in stone methodology to analyzing GPU-level based malware, so we'll have to wait and see what pans out as time goes on.