In early August, an anonymous hacker posted on a Russian forum about code of his own, which he is offering for sale, that can allocate space in graphics memory, store code there and run it from there. The code works on Windows and uses OpenCL 2.0. It should work on graphics cards from Intel (e.g. UHD 620, UHD 630), AMD (e.g. Radeon RX 5700) and Nvidia (tested on GeForce GTX 740M and GeForce GTX 1650).
According to a post by vx-underground on Twitter, this code (or technique) has been sold to threat actors. A demonstration of the principle is said to be coming soon.
After many years in which attackers and malware writers focused on the processor, RAM, and their vulnerabilities, the security of those components seems to have reached a level where it is becoming more effective to look for other, unguarded paths. In the future, the authors of operating systems, APIs and graphics chips (hardware and drivers) can be expected to have to focus more on securing the address space used by the graphics core.