Linux Malware – Jellyfish Rootkit
May 11th, 2015
New Linux malware techniques have emerged in the form of a proof-of-concept rootkit that offers stealthier ways to remain hidden and undetected on infected systems.
http://www.computerworld.com/article/2920343/security/new-linux-rootkit-leverages-gpus-to-hide.html
A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden. The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option. This is possible because dedicated graphics cards have their own processors and RAM.
Such threats could be more sinister than traditional malware programs, according to the Jellyfish developers. For one, there are no tools to analyze GPU malware, they said. Also, such rootkits can snoop on the host’s primary memory, which is used by most other programs, via DMA (direct memory access). This feature allows hardware components to read the main system memory without going through the CPU, making such operations harder to detect.
Users probably shouldn’t worry about criminals using GPU-based malware just yet, but proof-of-concepts like Jellyfish and Demon could inspire future developments. It’s usually just a matter of time before attacks devised by researchers are adopted by malicious attackers.