AMD, Nvidia, and Intel GPUs could be capable of hosting malicious code

Nvidia Turing GPU render up-close
(Image credit: Nvidia)

Hackers may have figured out a way to store and execute malicious code on a graphics card, potentially allowing it to avoid detection by antivirus software. The code has also reportedly been sold via a hacking forum, and so far we've no further indication of how dangerous the technique could be.

Code that sits undetected in GPU memory is likely very dangerous due to the potential difficulty associated with removing it, which could rely on flashing the GPU entirely—an already risky affair. However, the overall threat of the reported method will depend on what it takes to implant the code into GPU memory to begin with.

All we know of the technique, however, is what a hacker, who reportedly later sold it, said of it on a forum. This was later spotted and reported by Bleeping Computer.

The original forum post reads:

"Sell PoC [proof-of-concept] of technique that avoid AV detects from RAM scanning. It allocates address space in GPU memory buffer, inserts and executes code from there."

The post then explains that the technique works only on Windows machines that support OpenCL 2.0 or higher—an open standard used to accelerate applications on GPUs. Also that the technique has been tested on Intel UHD 620, UHD 630, Radeon RX 5700, GeForce GTX 740M, and GeForce GTX 1650 graphics cards.

The possibility of this technique working on both AMD and Nvidia discrete GPUs would be worrying enough alone. However, the possibility of it also working across Intel iGPUs would potentially open up a much larger percentage of PCs to the exploit. 

As Bleeping Computer notes, VX-Underground, which calls itself the "largest collection of malware source code, samples, and papers on the internet", is aware of such a technique and will demonstrate it soon.

Your next upgrade

(Image credit: Future)

Best CPU for gaming: the top chips from Intel and AMD
Best graphics card: your perfect pixel-pusher awaits
Best SSD for gaming: get into the game ahead of the rest

This isn't the first time a GPU, and potentially OpenCL, have been used to execute malicious code. Various users point to a similar PoC called Jellyfish, which is a Linux-based GPU rootkit that works on both Nvidia and AMD GPUs and requires OpenCL drivers to function. This code hasn't been touched in six years, though its creators note that such GPU-based malware benefits from the lack of tools and software able to detect them.

Jellyfish and the more recent technique are said to differ, however, at least according to the seller of the potentially harmful PoC.

It's possible that we'll see further efforts to take advantage of GPU memory, or accelerators in general, considering their prominence in all manner of machines today. That said, there's little doubt in my mind that many exploits exist in computing at any one moment, and while manufacturers wrestle with plugging up holes in their code, it's just as important you do all you can to keep your system safe.

Usually, that means not giving malicious actors a chance to download code onto your system, after which they can usually wreak all sorts of havoc often undetected.

TOPICS
Jacob Ridley
Managing Editor, Hardware

Jacob earned his first byline writing for his own tech blog. From there, he graduated to professionally breaking things as hardware writer at PCGamesN, and would go on to run the team as hardware editor. He joined PC Gamer's top staff as senior hardware editor before becoming managing editor of the hardware team, and you'll now find him reporting on the latest developments in the technology and gaming industries and testing the newest PC components.

Read more
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
Nvidia RTX 4090 Founders Edition graphics card
A single RTX 4090 managed to brute force crack an Akira ransomware attack in just 7 days
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
A computer screen with program code warning of a detected malware script program. 3d illustration
Second Steam listing this year found hiding 'new and clever' malware. This time through a fake demo link on developer's website
An artist’s illustration of NASA’s James Webb Space Telescope revealing, in the infrared, a population of small main-belt asteroids.
GPUs powering AI will probably be the end of us all but at least they're being used to find small city smashing asteroids before they do
A photograph of the opening slide of a Microsoft lecture on Cooperative Vectors at GDC 2025
AMD, Intel, Microsoft, and Nvidia are all excited about cooperative vectors and what they mean for the future of 3D graphics, but it's going to be a good while before we really see their impact
Latest in Graphics Cards
Nvidia App
Hmmm, upgrades: Nvidia App gets an optional AI assistant and custom DLSS resolution scaling
A close-up photo of an Nvidia RTX 4070, with its heatsink removed, showing the AD104 GPU die and the surrounding Micron GDDR6X VRAM chips
With Nvidia Ace taking up 1 GB of VRAM in Inzoi, Team Green will need to up its memory game if AI NPCs take off in PC gaming
A collage of Radeon RX 9000 series graphics cards, as shown in AMD's promotional video for the launch of RDNA 4 at CES 2025
AMD's CEO claims 9070 XT sales are 10x higher than all previous Radeon generations but that's just for the first week of availability
Colorful iGame RTX 5070 Ti Vulcan OC graphics card from various angles
The RTX 5060 and RTX 5060 Ti are rumoured to be mere weeks away, with board partners reportedly required to ensure at least one MSRP model at launch
Nvidia headquarters
Nvidia CEO sets sights on making 'several hundred billion' dollars worth of electronics in the USA over the next four years, increasing the chance of your next GPU being made in America
The Asus ROG Astral GeForce RTX 5090 Dhahab Edition, a gold-plated graphics card on a sand dune background
A Jensen Huang-signed version of this golden Asus RTX 5090 will be auctioned off to support relief efforts for the California wildfires
Latest in News
Assassin's Creed Shadows promo image
Ubisoft scores a legendary ratio against Elon Musk on his own platform—which hopefully marks a final end to all the Assassin's Creed Shadows' culture war nonsense
Tzarina Katarin Bokha, the Ice Queen of Kislev
Total War: Warhammer 3 rolls out a cool Kislev overhaul, changes befitting Tzeench’s magic, new projectile units and creakier skeletal horses
An image of a golden first place award from Geoguessr
'We're actually getting GeoGuessr on Steam before GTA 6': the Google Street View puzzler arrives on Valve's platform this April
Napster client circa 1999
Former music-pirating platform Napster to be reborn rather ironically as a metaverse for musicians to connect with their fans after $207 million deal
The snazzy red and black HyperX Cloud Alpha wireless headphones float in a teal void. The microphone is attached to the headset.
The best wireless gaming headset is now even better in the Amazon Big Spring Sale, boasting a more than $50 discount
A chip being held up in an Intel fab
Intel is reportedly 'working to finalize commitments from Nvidia' as a foundry partner, suggesting gaming potential for the 18A node