[Security] GPU Assisted Malware With CUDA and OpenCL
Here is an interesting paper about how malicious software can take advantage of the power of GPUs to implement unpacking and run-time polymorphism in order to elude virus scanners. The computational power of modern GPUs, combined with CUDA or OpenCL, allows a malware author to create extremely complex encryption schemes that run fast on the GPU but are very hard to break on the CPU. GPU computing tools like CUDA or OpenCL allow interaction between the CPU and the GPU: the CPU sends encrypted data to the GPU, and the GPU returns the decrypted / unpacked code to the host (CPU)…
Malware writers constantly seek new methods to obfuscate their code so as to evade detection by virus scanners. Two code-armoring techniques that pose significant challenges to existing malicious-code detection and analysis systems are unpacking and run-time polymorphism. In this paper, we demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit. We have designed and implemented unpacking and run-time polymorphism for a GPU, and tested them using existing graphics hardware. We also discuss how upcoming GPU features can be utilized to build even more robust, evasive, and functional malware.
You can download the paper HERE.