According to security experts, a new piece of malware has been circulating for several months that poses as the configuration software the PC manufacturer ASUS ships for its gaming PCs. Among other things, the malware, named CoffeeLoader, tries to hide part of its code in the memory of the graphics card.
CoffeeLoader loads malware, not coffee
According to a report by PCWorld, citing security experts from Zscaler, a new malware has been distributed since September 2024 that specifically targets users of gaming systems from the Taiwanese manufacturer ASUS. The malware, named CoffeeLoader, impersonates ASUS's in-house configuration software Armoury Crate in order to smuggle malicious code onto affected PCs.
Once CoffeeLoader has reached a target PC, additional malicious code is downloaded from a server; this code acts, among other things, as an infostealer. The malware therefore attempts to harvest login credentials and other personal data of the user, for example in order to obtain credit card data.
Code is offloaded to GPU memory for camouflage
According to Zscaler, the malware relies on an elaborate process to hide itself. A so-called packer named Armoury stores part of the malware's code on the graphics unit of the respective host PC. Because most protection solutions leave the GPU out of their search for malware, the malware can potentially evade detection, it is said.
Furthermore, the authors of CoffeeLoader also rely on parking their malware in system memory as an inactive, encrypted blob in order to evade detection by antivirus solutions, a method known as sleep obfuscation. CoffeeLoader also alters its memory footprint so that it looks like a harmless program, it is said.
As a protective measure, Zscaler strongly recommends that users of ASUS gaming systems obtain the Armoury Crate software only from the manufacturer's website. Because of parallels between CoffeeLoader and the older malware SmokeLoader, it has been suggested that CoffeeLoader is merely a variant of it, although according to the security experts this has not yet been established.