
These Hackers Use Your GPU To Load Password-Stealing Malware
Never underestimate hackers' ingenuity. I learned this very early on in my hacking career, and it's as accurate now as it was in the late 1980s. What's more, this mantra unfortunately applies to hackers of the criminal variety as well as those who do so much good work. Remember, hacking is not a crime until it is. A case in point is the deployment of infostealer malware. You know, the software that is being used by so many cybercriminals to compromise credentials, leading to account theft as well as vast quantities of stolen passwords being traded on the dark web. The latest example comes from hackers using the CoffeeLoader malware family, which executes code on the system GPU in order to evade detection.
Graphics cards and the software surrounding them are not a new target for cybercriminals. Whether it's security vulnerabilities in GPU display drivers, or virtual GPU software, you can bet your bottom dollar that hackers are looking out for ways to exploit this powerful part of your system. Infostealer malware attacks that use the GPU are not something I have come across before, at least not to my failing old-man memory. However, CoffeeLoader hackers seem to be employing just this methodology to launch attacks.
In a March 26 posting, Brett Stone-Gross, the senior director of threat intelligence at Zscaler, detailed precisely how the CoffeeLoader malware family is being deployed with the help of your graphics card.
The whole purpose of the CoffeeLoader malware is to evade detection and bypass security protections in order to download and execute second-stage payloads, the infostealers in question. CoffeeLoader achieves this by employing a sophisticated packer utilizing the GPU as well as call stack spoofing and sleep obfuscation. 'The loader leverages a packer, which we named Armoury,' Stone-Gross said, 'that executes code on a system's GPU to hinder analysis in virtual environments.'
The use of packers is typical behavior for malware families, but the unpacking of the samples they contain is rarely mentioned in security reports because, well, it's pretty boring and largely of little importance in the broader scheme of things. This is not the case with CoffeeLoader, thanks to its clearly distinguishable packer, which leverages the GPU to execute initial malware code and so complicate the threat analysis process. Zscaler ThreatLabz has named this packer Armoury 'because it impersonates the legitimate Armoury Crate utility created by ASUS.'
Zscaler has said that CoffeeLoader has been observed being deployed with SmokeLoader, sold as a crimeware kit that includes password-stealing as part of the package. Smoke was subject to law enforcement disruption in 2024, having been active for many years, but apparently, that hasn't killed it off.