On github appeared source codes of keyloggers working on the GPU

Two projects appeared on the github server using an unexpected vulnerability - the ability to execute programs spying on a computer using a video processor. The vulnerability was first described in a 2013 research paper entitled “You can type, you can't hide: a GPU-based keylogger .”

In this paper, the researchers described the fundamental possibility of making a program that tracks and records keystrokes using the GPU. The program does not use typical rootkit techniques for embedding into the kernel of the system. Instead, with the help of a video card, information about clicks is collected directly through DMA (direct memory access).

And here, please - the Jellyfish rootkit and Demon keylogger projects prove in practice the possibility of such an approach. Without modifying the core of the system, they work at the expense of the video card. Here is what the creator of the project writes under the nickname x0r1:

Jellyfish is a Linux-based rootkit in the “proof of concept” stage (proof of performance) using the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by Khronos group (GPU). Currently, the code works with AMD and NVIDIA video cards. In addition, AMDAPPSDK also supports Intel.

Prior to that, malware using GPUs came across perhaps among programs that secretly minted Bitcoins on a computer’s video card. And of course, they did not work entirely on the GPU, but used it only for direct calculations.