A team of developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works.

The developers are trying to raise awareness that malware can infect GPUs. Their goal is to make the security industry aware that the source code they released, while incomplete and buggy by design, could potentially be built upon and used for illegal purposes. The problem they are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processing unit) vendors, but rather with existing security tools, which are not designed to scan the random access memory (RAM) used by GPUs for malware code.

The new Windows malware, which is intended as a demonstration, is called WIN_JELLY and acts as a Remote Access Tool or Trojan (RAT), according to its developers. RATs give attackers extensive control over compromised computers and have been used in many targeted attacks over the past few years. However, the specific features of WIN_JELLY have not yet been described in detail.
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street