Research team also publishes proof-of-concept code for enclave malware on GitHub.

A team of academics has found a way to abuse Intel SGX enclaves to hide malicious code from security software and to allow the creation of what researchers are calling "super-malware."

Intel Software Guard eXtensions (SGX) is a feature found in all modern Intel CPUs that allows developers to isolate applications in secure "enclaves."

The enclaves work in a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more.
Until today, the only known vulnerabilities impacting SGX enclaves had been side-channel attacks that leaked the data being processed inside an enclave, revealing an app's secrets.

But in a research paper published today, security researchers showed that SGX enclaves could be used as a place to hide undetectable malware.