Earlier this month, an advertisement was posted on a forum in which an anonymous person offered to sell a procedure to run malicious software on the graphics processor and from the computer’s graphics memory instead of the main processor and system memory.
This is to prevent programs that check system memory from detecting malware.
This was previously the subject of speculation in academia, but previously it was not possible in practice, although the possibility of such a method has been discussed since 2013.
The person who offered the procedure for sale with proof that it would work (“proof of concept” or “PoC”) states in the ad that they tested the method on select graphics processors from Nvidia, AMD, and Intel.
According to the vendor, the method should be usable on Windows based systems that support OpenCL 2.0 and later.
If it is true that the method can be used on machines with graphics from AMD, Nvidia, or Intel, this is dangerous, since many computers use graphics chips from at least one of these three manufacturers.
according to Computer, who were the first to report the case, the announcement was made on August 8. On August 25, a letter arrived from the same person stating that the method had been sold.
It is not known exactly what this method is, whether it can actually be used or who the potential buyer is.