New Linux Rootkit Exploits Graphics Cards

A rootkit PoC for Linux systems that runs on the processors and RAM of graphics cards, Jellyfish is able to access the computer’s memory without having to route through the computer’s CPU. Because GPUs are faster than CPUs at making calculations, some cryptocurrency-mining malware already makes partial use of GPUs (e.g. to steal Bitcoins). But Jellyfish is the first malware to run entirely via the GPU, and works with Nvidia, AMD, and even Intel, if the latter is “supported through the AMD APP SDK, a software development kit that allows GPUs to be used for accelerating applications,” says Constantin.

As graphics-card-only malware has never been an exploitable area before, security software developers like Avira would need to engineer security efforts in yet another new direction. Although early reports indicate that Jellyfish is in a beta stage, unfinished, with some bugs, and currently requires OpenCL drivers installed on the targeted system in order to work, it could inspire future variants by those looking to exploit such vulnerabilities for personal gain (AKA cybercriminals).

After a 2013 research paper (pdf) titled “You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger,” the same research team behind Jellyfish has also developed a keylogger called ‘Demon’, which also works via the GPU.

We security firms may definitely have our hands full in the coming months, it seems.

Marketing/Branding guy, copywriter (Industrial Poet), M.Ed., editor, singer-songwriter/guitarist, reader, writer, and daddy to two amazing girls. Prior to joining Avira in summer of 2014, Mashak helped another European IT security company grow from obscurity into a globally recognized industry leader (and household name). From 2008 to 2010, he worked with an IT market research firm as report editor for the CEMA region. Before that, he was a freelance marketing consultant, a high school English teacher, the owner of a property management company, served five years on sales and client-retention teams for the world's largest perimeter security firm, and dabbled with various small business ventures of his own.