lolloj - Fotolia
I heard about a new type of malware that can infect a computer's GPU rather than its CPU, and that this malware cannot be detected and quarantined by traditional means. What is the best way, then, to find the GPU malware and mitigate this risk?
Anywhere there is firmware that can be updated, there is the possibility for implanting malware. Most antimalware tools do not check the firmware for all of the devices on a system to determine if it has been compromised. It may not even be possible to analyze the firmware on an endpoint to determine if it has been compromised.
Graham Cluley blogs about new proof-of-concept malware, from Team Jellyfish, that hides in the GPU. Currently this GPU malware only works on Linux, but it could be applied to Windows and OSX in the future. Analyzing the endpoint directly won't necessarily detect the GPU malware, but if it uses the network connection of the compromised host, this network traffic could be detected. If network traffic is detected without an identified running process, that could be an indicator of malware buried deep inside the endpoint. The initial code executed to load the malware in the GPU could be detected, as could any files stored on the file system that were used in the attack.
For enterprises with high security requirements, mitigating the risk of GPU malware might require the removal of any internal device with firmware, but most likely fully replacing the hardware will be most effective since multiple internal components could have been infected. The firmware on the device could be updated with known, good firmware to clean the malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn about the malware lifecycle and when to analyze threats.
Find out if Trojans that capture passwords can be mitigated.
Learn how to stop malware that uses bulletproof hosting sites.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been... Continue Reading
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it... Continue Reading
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.