Zscaler Warns of CoffeeLoader Malware Hiding in GPUs

The CoffeeLoader malware family is a new and sophisticated threat targeting Windows users, identified by Zscaler researchers. This malware disguises itself as the legitimate ASUS Armoury Crate utility and employs innovative techniques to evade detection, such as executing code on the GPU instead of the CPU, which many antivirus programs do not monitor. Additionally, it utilizes Call Stack Spoofing and Sleep Obfuscation to hide its activities and remains undetected while delivering infostealers, including the known Rhadamanthys. CoffeeLoader is seen as an evolution of the SmokeLoader malware, combining stealth with advanced technical capabilities to maintain persistent infections. As the malware landscape evolves, CoffeeLoader serves as a stark reminder of the vulnerabilities present in modern systems, especially with the increasing reliance on GPUs for various computing tasks. Cybersecurity experts are urging users to remain vigilant and update their security measures to mitigate such threats.