GPU-based malware is real, say developers of PoC rootkit and keylogger

“Two as-yet-unfinished coding projects by a group of developers who call themselves Team Jellyfish have received unexpected attention due to an Ars Technica article published on Thursday.

The projects involve malware that runs on a computer’s GPU instead of its CPU:

  • Jellyfish, a “Linux based userland gpu rootkit proof of concept project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by Khronos group (GPU),” and
  • Demon, a GPU-based PoC keylogger modeled after research described in this paper from 2013.

“For some arbitrary reason this project as well as Demon, has been getting a decent amount of attention. That being said, we just want to notify everyone reading this that jellyfish is not complete nor has even reached the expectations we want it to,” the developers noted on the Jellyfish project GitHub page.

“We’re still circling around ideas and pseudo code upon what we think is cool, so apologies to anyone disappointed that they still have a buggy still-in-beta application. Our goal was to make everyone aware that gpu based malware is real; and obviously, telling from what’s been publicized, we succeeded.”

They made sure to note that the code is offered publicly for educational purposes only, and that they are not associated with the writers of the aforementioned paper.”