The recently disclosed Spring4Shell vulnerability is being actively exploited by threat actors to deploy the Mirai botnet malware, particularly in the Singapore region, since the beginning of April 2022.
“The exploit allows threat actors to download the Mirai sample to the ‘/tmp’ folder and execute them after the permission change using ‘chmod’,” Trend Micro researchers Deep Patel, Nitesh Surana and Ashish Verma said in a report published Friday.
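The drop-then-execute pattern the researchers describe (write a file under /tmp, make it executable with chmod, run it) is something defenders can correlate from process-event logs. The following is an added example, not code from the Trend Micro report: it assumes a simple constructed line format (`pid=... action=... path=...`) and flags any process that completes all three stages against the same path.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry): one process stages a binary
# in /tmp, marks it executable and runs it; another only writes a text file.
SAMPLE_EVENTS = [
    "pid=4120 action=write path=/tmp/sample.bin",
    "pid=4120 action=chmod mode=0755 path=/tmp/sample.bin",
    "pid=4120 action=exec path=/tmp/sample.bin",
    "pid=4188 action=write path=/tmp/upload.txt",
    "pid=4188 action=exec path=/usr/bin/curl",
]

# Hypothetical log format assumed for this example.
EVENT_RE = re.compile(r"pid=(\d+) action=(\w+)(?: mode=([0-7]+))? path=(\S+)")


def parse_event(line):
    """Return (pid, action, mode, path) or None when the line does not match."""
    m = EVENT_RE.match(line.strip())
    return m.groups() if m else None


def find_drop_and_exec(lines, staging_dir="/tmp"):
    """Return [(pid, path)] for every write -> chmod +x -> exec chain on one path.

    Stages must occur in order and belong to the same process, which keeps
    ordinary writes to /tmp (logs, uploads) from raising an alert.
    """
    stages = defaultdict(set)  # (pid, path) -> stages completed so far
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, action, mode, path = ev
        if not path.startswith(staging_dir.rstrip("/") + "/"):
            continue
        done = stages[(pid, path)]
        if action == "write":
            done.add("write")
        elif action == "chmod" and "write" in done and mode and int(mode, 8) & 0o111:
            done.add("chmod")  # only count chmod that adds an execute bit
        elif action == "exec" and "chmod" in done:
            hits.append((pid, path))
    return hits


if __name__ == "__main__":
    for pid, path in find_drop_and_exec(SAMPLE_EVENTS):
        print(f"ALERT: pid {pid} staged and executed {path}")
```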
Tracked as CVE-2022-22965 (CVSS score: 9.8), the vulnerability could allow malicious actors to remotely execute code in Spring Core applications under non-default circumstances, granting attackers full control over compromised devices.
The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the Spring4Shell vulnerability to its catalog of known exploited vulnerabilities based on “evidence of active exploitation”.
This is far from the first time that botnet operators have moved quickly to add newly publicized flaws to their set of exploit tools. In December 2021, several botnets, including Mirai and Kinsing, were found exploiting the Log4Shell vulnerability to breach sensitive servers on the Internet.
Mirai, meaning “future” in Japanese, is the name given to a Linux malware that has continued to target networked smart home devices such as IP cameras and routers and link them together into a network of infected devices known as a botnet.
The IoT botnet, using this herd of hacked hardware, can then be used to carry out further attacks, including large-scale phishing campaigns, cryptocurrency mining, click fraud and distributed denial-of-service (DDoS) attacks.
To make matters worse, the leak of Mirai’s source code in October 2016 spawned many variants such as Okiru, Satori and Masuta, making it an ever-evolving threat.
Earlier in January, cybersecurity firm CrowdStrike noted that malware targeting Linux systems increased by 35% in 2021 compared to 2020, with the XOR DDoS, Mirai and Mozi malware families accounting for more than 22% of the Linux-targeted threats observed during the year.
“The primary goal of these malware families is to compromise vulnerable internet-connected devices, bundle them into botnets, and use them to perform distributed denial-of-service (DDoS) attacks,” the researchers said.