Categories: Technology

Trend says hackers have weaponized SpringShell to install Mirai malware

[ad_1]

Getty Images

Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open-source piece of malware that wrangles routers and other network-connected devices into sprawling botnets.

When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports compared it to Log4Shell, the critical zero-day vulnerability in the popular logging utility Log4J that affected a sizable portion of apps on the Internet. That comparison proved to be exaggerated because the configurations required for SpringShell to work were by no means common. To date, there are no real-world apps known to be vulnerable.

Researchers at Trend Micro now say that hackers have developed a weaponized exploit that successfully installs Mirai. A blog post they published didn’t identify the type of device or the CPU used in the infected devices. The post did, however, say a malware file server they found stored multiple variants of the malware for different CPU architectures.

Trend Micro

“We observed active exploitation of Spring4Shell wherein malicious actors were able to weaponize and execute the Mirai botnet malware on vulnerable servers, specifically in the Singapore region,” Trend Micro researchers Deep Patel, Nitesh Surana, and Ashish Verma wrote. The exploits allow threat actors to download Mirai to the “/tmp” folder of the device and execute it following a permission change using “chmod.”

The attacks began appearing in researchers’ honeypots early this month. Most of the vulnerable setups were configured to these dependencies:

  • Spring Framework versions before 5.2.20, 5.3.18, and Java Development Kit (JDK) version 9 or higher
  • Apache Tomcat
  • Spring-webmvc or spring-webflux dependency
  • Using Spring parameter binding that is configured to use a non-basic parameter type, such as Plain Old Java Objects (POJOs)
  • Deployable, packaged as a web application archive (WAR)

Trend said the success the hackers had in weaponizing the exploit was largely due to their skill in using exposed class objects, which offered them multiple avenues.

“For example,” the researchers wrote, “threat actors can access an AccessLogValve object and weaponize the class variable ‘class.module.classLoader.resources.context.parent.pipeline.firstpath’ in Apache Tomcat. They can do this by redirecting the access log to write a web shell into the web root through manipulation of the properties of the AccessLogValve object, such as its pattern, suffix, directory, and prefix.”

It’s hard to know precisely what to make of the report. The lack of specifics and the geographical tie to Singapore may suggest a limited number of devices are vulnerable, or possibly none, if what Trend Micro saw was some tool used by researchers. With no idea what or if real-world devices are vulnerable, it’s hard to provide an accurate assessment of the threat or provide actionable recommendations for avoiding it.

[ad_2]
Source link
Admin

Recent Posts

Often the Evolution of Tumi123 Games Experience

Hey there, fellow games enthusiasts! Have you ever wondered just how your favorite gaming platform,…

16 hours ago

Top Benefits of Choosing Epoxy Flooring for Homes and Businesses in Rockford, IL

When it comes to durable, stylish, and cost-effective flooring solutions, epoxy flooring stands out as…

2 days ago

Studying the World of Kenzo188 Games

Hi there, fellow gaming enthusiasts! Regardless of whether you're a seasoned player or perhaps dipping…

3 days ago

Affordable Furniture Shopping in Fort Worth

Hey there, furniture lovers of Fort Worth! Whether you're setting up a new home or…

4 days ago

Syracuse Guide To Socializating Your Dog

You have probably heard about the importance of socializing a dog after getting a puppy.…

4 days ago

Styling Your Space with Vintage Vanity Trays

Hey there, vintage lovers! Are you looking to add a touch of elegance and personality…

4 days ago