[Security] GPU Assisted Malware With CUDA and OpenCL

Virus, malware

Here is an interesting paper about how malicious software can take advantage of the power of GPUs to implement unpacking and run-time polymorphism in order to elude virus scanners. The computational power of modern GPUs and the use of CUDA or OpenCL allow a malware author to create extremely complex encryption schemes that run fast on the GPU but are very hard to break on a CPU. GPU computing tools like CUDA or OpenCL allow interaction between the CPU and the GPU: the CPU sends encrypted data to the GPU, and the GPU returns the decrypted / unpacked code to the host (CPU)…

Malware writers constantly seek new methods to obfuscate their code so as to evade detection by virus scanners. Two code-armoring techniques that pose significant challenges to existing malicious-code detection and analysis systems are unpacking and run-time polymorphism. In this paper, we demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit. We have designed and implemented unpacking and run-time polymorphism for a GPU, and tested them using existing graphics hardware. We also discuss how upcoming GPU features can be utilized to build even more robust, evasive, and functional malware.

You can download the paper HERE.


  • xcbb

    This sucks.

    Where is the anti-malware CUDA and OpenCL software?

  • LOL

    Finally virus will crash my computer! GPU coding is just so hardware and driver version dependent, and most drivers are full of bugs, that's why Adobe in Flash tried to never use the GPU… virus coders will have a hard time trying to make the virus compatible with several version drivers and hardware LOL

  • Korvin77

    lol and OpenGL can render evil pictures through destroying system!!! I always thought that those bunch of API are pure evil!!! 😀