Skip to main content

GPUs could become Trojan horses for future cyberattacks

NVIDIA CEO Jensen Huang at GTC
Nvidia

The graphics card inside your computer is a powerful tool for gaming and creative work, but it can also potentially serve as a Trojan horse for malware. Cybercriminals are finding ways to exploit graphics cards and their VRAM to inject malicious code into your system. The approach is claimed to have worked during a proof-of-concept hack on both discrete and integrated GPUs from AMD, Intel, and Nvidia.

Because antivirus software today cannot scan the graphics card’s own video RAM, known as VRAM, hackers are now targeting GPUs to carry out their dirty work. On the other hand, conventional methods used today that target the system’s main memory would trigger the antivirus software.

According to Bleeping Computer, a brief description of the hack was posted on a hacker forum, where one seller was trying to sell his proof-of-concept method to exploit the VRAM on GPUs. The seller stated that the method worked on Intel’s integrated UHD 620 and 630 graphics, as well as discrete solutions including the AMD Radeon RX 5700 and Nvidia GeForce GTX 1650. It’s unclear if the attack would also work on other GPUs, like the recent Radeon RX 6000 series from AMD and the Geforce RTX 3000 series from Nvidia, both of which have seen high demand and short supply.

The listing to sell the proof of concept was posted on August 8, and the method of exploit was sold on August 25, though details about the transactions were not revealed. It’s unknown who purchased the hack or how much was paid.

Though specifics about the exploit that was sold to other hackers are not known, cybersecurity researchers at VX-Underground stated that the method allowed the code to be run by the GPU and in the VRAM rather than by the CPU. The researchers said that they will be demonstrating the method of exploit soon.

While targeting the GPU for cyberattacks may be different from traditional hacks today, the method isn’t entirely novel. This latest exploit follows a similar proof of concept from six years ago known as JellyFish.

With the JellyFish proof of concept, researchers exploited the graphics card with a GPU-based keylogger. The seller of this latest GPU-based hack denied similarities behind his method and JellyFish, Bleeping Computer stated.

Given that your GPU could potentially be exploited by a malicious actor in the future to hide and execute malware, PC owners, gamers, and creators should stay vigilant of suspicious emails, links, files, and downloads. This is especially pertinent given that malware that sits in VRAM can be undetectable by antivirus software.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Intel quietly steps out of the shadows with two new GPUs
Two Intel Arc chips in front of a blue and purple gradient background.

Intel has just released two new mobile graphics cards -- the Arc A570M and the Arc A530M. However, the launch was a little bit of a "don't blink or you'll miss it." The cards appeared on Intel's website, but there was no announcement of any kind.

Over time, we've grown quite fond of Intel's initial batch of desktop GPUs, so we're paying close attention to how the company continues to grow its mobile cards for gaming and other high-performance laptops. This unexpected launch puts Intel ahead of both AMD and Nvidia when it comes to the number of laptop GPUs available, but the actual number of computers that will utilize these cards remains to be seen.

Read more
Cable-free GPUs are real, and they’re the future of ultra-clean PCs
An Asus GeForce RTX 4070 Megalodon graphics card seen from the rear on a table.

Asus gave us a glimpse into the future at Computex 2023 with its concept graphics card that is essentially cable-free. Instead of having any traditional 8-pin or 16-pin power connectors, the company showcased an RTX 4070 with a proprietary interface that draws power directly from the motherboard.

Reports now suggest that the company is pretty serious about the concept and is set to introduce products with the new interface later this year. According to WCCFTech, Asus has confirmed that it is working on mass-producing the "cable-free" GPU at Bilibili World 2023 exhibition in Shanghai. 

Read more
Nvidia’s peace offering isn’t working
Two MSI RTX 4060 Ti 16GB GPUs over a black background.

Nvidia's RTX 4060 Ti 16GB is here, but you wouldn't know it if you didn't follow GPU news closely. It seems that the GPU might just be so far behind some of the best graphics cards that Nvidia isn't advertising it too much. As a result, early benchmarks are scarce.

MSI has released some benchmarks of its own, comparing the 8GB and the 16GB versions of the RTX 4060 Ti. It turns out that the new GPU might actually be slower. Is this why Nvidia didn't even make its own version of this card?

Read more