Mirai malware now delivered using Spring4Shell exploits (Security News, April 2022)
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks.
Spring4Shell is a critical remote code execution vulnerability tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.
Trend Micro's discovery of a Mirai botnet variant successfully using CVE-2022-22965 to expand its malicious operation is concerning.
Spring4Shell is exploited to write a JSP web shell into the webroot of the web server via a specially crafted request, which the threat actors can use to execute commands on the server remotely.
The threat actors fetch multiple Mirai samples for various CPU architectures and execute them with the "Wget.sh" script.
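As an added, defender-side illustration (not code from the article or from Trend Micro), the following scans web-server access logs for the data-binding pattern behind CVE-2022-22965 and for a follow-up request to a `.jsp` file from the same client, which is what the web-shell stage described above would look like. The log lines are constructed; the `class.module.classLoader` / `class.classLoader` property-path prefixes are the indicator Spring's advisory recommends blocking with a disallowed-fields rule, and the field names after the prefix are placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed Apache/Tomcat common-format access log lines (not from the article).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2022:10:15:01 +0000] "GET /app/greet?name=alice HTTP/1.1" 200 512
10.0.0.9 - - [01/Apr/2022:10:15:07 +0000] "POST /app/greet?class.module.classLoader.foo=bar HTTP/1.1" 200 0
10.0.0.9 - - [01/Apr/2022:10:15:09 +0000] "GET /app/greet?%43lass.module.%43lassLoader.bar=1 HTTP/1.1" 200 0
10.0.0.9 - - [01/Apr/2022:10:16:30 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 77
10.0.0.7 - - [01/Apr/2022:10:17:00 +0000] "GET /static/help.jsp HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Property-path prefixes that reach the ClassLoader through Spring data binding
# (the paths Spring's CVE-2022-22965 advisory says to disallow). Compared lower-case
# so that mixed-case and percent-encoded variants are still caught.
BINDING_MARKERS = ("class.module.classloader", "class.classloader")


def is_classloader_binding(target: str) -> bool:
    """True if any query parameter name (after URL decoding) targets the ClassLoader."""
    if "?" not in target:
        return False
    query = target.split("?", 1)[1]
    for name, _value in parse_qsl(query, keep_blank_values=True):
        if unquote(name).lower().startswith(BINDING_MARKERS):
            return True
    return False


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (ip, kind, target) findings: 'binding' for a ClassLoader data-binding
    attempt, 'jsp-after-binding' for a later .jsp request from the same client."""
    findings, suspicious_ips = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target = m["ip"], m["target"]
        if is_classloader_binding(target):
            suspicious_ips.add(ip)
            findings.append((ip, "binding", target))
        elif ip in suspicious_ips and target.split("?", 1)[0].lower().endswith(".jsp"):
            findings.append((ip, "jsp-after-binding", target))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(*finding)
```

Parameters sent in a POST body do not appear in a standard access log, so this only covers query-string variants; body inspection needs a WAF or request logging at the application layer.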
Various Mirai botnets were among the few persistent exploiters of the Log4Shell vulnerability until last month, leveraging the flaw in the widely used Log4j software to recruit vulnerable devices onto their DDoS botnets.
Related Vulnerability
Date | CVE | Vulnerability title | Risk
---|---|---|---
2022-04-01 | CVE-2022-22965 | Code injection vulnerability in multiple products: a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8