Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not
Neat trick but not undetectable
Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security.
Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same research raised doubts about whether security tools can defend against this kind of malicious code.
McAfee Labs enlisted members of Intel’s Visual and Parallel Computing Group to assess the threat posed by GPU malware. The team concluded that the doom scenario – a totally undetectable autonomous superbug hidden from antivirus packages running on the computer's main processor cores – is unlikely.
It's true that hackers could be tempted to run malicious code on graphics cards or motherboard chipsets to evade malware detectors, executing code and storing data where traditional defense software fears to tread. Although moving portions of malicious code off the CPU and out of main RAM reduces the visibility of this malware, hints of evil activity can still be spotted, thus giving the game away, according to Intel Security.
This means that endpoint security products can catch such threats as and when they arise. Such threats are, in any case, not wholly new.
“Malware attacks on graphics processing units have been around for a number of years, with attention flaring up now and then,” Intel Security wrote. “In fact, such malware has been active in the wild for at least four years – in the form of Bitcoin-mining Trojans that leverage the awesome GPU throughput to increase the payout from each victim’s infected system.”
“GPU threats are a real concern. But this type of attack has not reached perfect storm status,” Intel Security concluded, adding that the threat is comparable to that posed by rootkits 10 years or so ago.
The GPU malware analysis was part of McAfee Labs Threats Report: August 2015 [pdf]. The bumper 40-page edition of the report marked the fifth anniversary of Intel’s announcement of the McAfee acquisition, and featured a retrospective on the last five years in the IT security game as well as a look forward toward emerging threats.
One prediction five years ago certainly hasn’t panned out quite as expected: although the volume of mobile devices has increased even faster than anticipated, broad-based attacks on mobile gadgets have developed more slowly than predicted, Intel Security admitted.
If the infosec world was a TV show, the big cross-season narrative arc across the last five seasons has, of course, been the growing maturing of the cybercrime threat. In 2010, mischief makers and pranksters were the big problem; the threats these days appear to come from profit-motivated cybercrooks, government-sponsored hackers, and spies.
“Cybercrime has grown into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models,” Intel Security concluded.
One important example of this general trend is the rise of ransomware – malware capable of encrypting file systems on compromised computers before extorting victims over payment for a crypto key needed to unscramble files. The total number of ransomware samples rose 127 per cent from Q2 2014 to Q2 2015, according to McAfee Labs. ®
Sponsored: Customer Identity and Access Management