Malware authors state that proof-of-concept versions have been created solely for educational purposes. Two anonymous developers have presented experimental versions of two malwares – rootkit Jellyfish and keylogger Demon. Their main innovative feature is the ability to use graphics processor (GPU). These malware programs exploit GPU rather than the CPU to operate in a stealthy way and increase computational abilities. Both programs work on CPU and exploit GPU functions to mint Bitcoins and other virtual currencies.
Jellyfish is a Lynux based rootkit proof of concept project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by Khronos group (GPU).
This code currently supports AMD and NVIDIA graphics cards.
Demon keylogger has not been described in details by the developers. However, they have announced the key idea of this experimental project- to demonstrate the possibility of monitoring the system’s keyboard buffer directly from the GPU via DMA (direct memory access), without any hooks or modifications in the kernel’s code.
The authors insist that these experimental programs have been developed exclusively with educational goals, and the developers are not liable for further use of rootkit Jellyfish and keylogger Demon.