Mirai malware now delivered using Spring4Shell exploits (Security News, April 2022)

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks.
Spring4Shell is a critical remote code execution vulnerability, tracked as CVE-2022-22965, in Spring Framework, a widely used enterprise Java application development platform; it was fixed in Spring Framework 5.3.18 and 5.2.20.
Trend Micro's discovery of a Mirai botnet variant successfully using CVE-2022-22965 to advance its malicious operation is cause for concern, as it confirms the flaw is being exploited in the wild.
Spring4Shell is exploited by sending a specially crafted request that writes a JSP web shell into the webroot of the web server; the threat actors then use that web shell to execute commands on the server remotely.
Through the web shell they run a "Wget.sh" script that fetches multiple Mirai samples compiled for various CPU architectures and executes them.
Various Mirai botnets were among the few persistent exploiters of the Log4Shell vulnerability until last month, leveraging the flaw in the widely used Log4j logging library to recruit vulnerable devices into their DDoS botnets.
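The infection chain summarized above (a crafted request that abuses Spring data binding to drop a JSP web shell into the webroot, then commands issued through that shell) leaves traces a defender can hunt for. What follows is an added example, not code from the article or from Trend Micro: a Python script that flags access-log requests carrying the class-loader property path the public CVE-2022-22965 exploit uses to reconfigure Tomcat's access-log valve (the step that writes the JSP file), flags follow-up requests that run commands through a .jsp file, and scans a webroot listing for JSP files that execute OS commands. The log lines, file contents, IP addresses and the `shell.jsp` name are constructed sample data; the `cmd` parameter heuristic and the regular expressions are assumptions about how such shells are typically driven, not indicators taken from the article.

```python
"""Hunt for Spring4Shell (CVE-2022-22965) exploitation traces.

Added example, not code from the article or from Trend Micro.
Every log line, file and address below is constructed sample data.

Checks:
  1. access-log requests that bind into the class loader (the public
     exploit walks class.module.classLoader... into Tomcat's AccessLogValve
     to make it write a .jsp into the webroot), and follow-up requests that
     drive a .jsp with a 'cmd' parameter (heuristic, assumed);
  2. .jsp files in a webroot listing whose source executes OS commands.
"""
import re
from urllib.parse import unquote_plus

# Property path abused by the public CVE-2022-22965 exploit.
PIPELINE_RE = re.compile(
    r"class\.module\.classLoader\.resources\.context\.parent\.pipeline\.first\.",
    re.IGNORECASE,
)
# Any attempt to bind into the class loader at all is at least a probe.
PROBE_RE = re.compile(r"(?:^|[?&])class\.(?:module\.)?classLoader", re.IGNORECASE)
# Assumed heuristic: a .jsp invoked with a 'cmd' query parameter.
JSP_CMD_RE = re.compile(r"\.jsp\?(?:.*&)?cmd=", re.IGNORECASE)
# Common Log Format; request line split into method and URL.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# Source constructs a JSP shell needs: command execution plus a request parameter.
EXEC_RE = re.compile(r"Runtime\.getRuntime\(\)\.exec|new\s+ProcessBuilder")
PARAM_RE = re.compile(r"request\.getParameter\(")

# Constructed access-log sample (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Apr/2022:10:15:01 +0000] "POST /app/index HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Apr/2022:10:15:03 +0000] "POST /app/index?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bx%7Di HTTP/1.1" 200 0 "-" "curl/7.68.0"
203.0.113.7 - - [01/Apr/2022:10:15:04 +0000] "POST /app/index?class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp HTTP/1.1" 200 0 "-" "curl/7.68.0"
203.0.113.7 - - [01/Apr/2022:10:15:05 +0000] "POST /app/index?class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT HTTP/1.1" 200 0 "-" "curl/7.68.0"
203.0.113.7 - - [01/Apr/2022:10:16:00 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 48 "-" "curl/7.68.0"
192.0.2.5 - - [01/Apr/2022:10:17:00 +0000] "GET /app/health HTTP/1.1" 200 15 "-" "kube-probe/1.23"
"""

# Constructed webroot listing: {path: file content}.
SAMPLE_WEBROOT = {
    "webapps/ROOT/index.jsp": "<html><%= new java.util.Date() %></html>",
    "webapps/ROOT/shell.jsp": (
        '<% if ("j".equals(request.getParameter("pwd"))) { '
        'Runtime.getRuntime().exec(request.getParameter("cmd")); } %>'
    ),
    "webapps/ROOT/WEB-INF/web.xml": "<web-app/>",
}


def parse_access_log(text):
    """Parse CLF lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def classify_request(url):
    """Label a request URL after percent-decoding, or None if it looks benign."""
    decoded = unquote_plus(url)
    if PIPELINE_RE.search(decoded):
        return "spring4shell-accesslog-valve-write"
    if PROBE_RE.search(decoded):
        return "spring4shell-classloader-probe"
    if JSP_CMD_RE.search(decoded):
        return "jsp-webshell-command"
    return None


def hunt_access_log(text):
    """Return (ip, url, label) for every suspicious request in the log text."""
    findings = []
    for entry in parse_access_log(text):
        label = classify_request(entry["url"])
        if label:
            findings.append((entry["ip"], entry["url"], label))
    return findings


def find_jsp_shells(files):
    """Return sorted paths of .jsp files that read a parameter and exec a command."""
    return sorted(
        path for path, content in files.items()
        if path.lower().endswith(".jsp")
        and EXEC_RE.search(content) and PARAM_RE.search(content)
    )


if __name__ == "__main__":
    for ip, url, label in hunt_access_log(SAMPLE_LOG):
        print(f"{label:38} {ip} {url}")
    print("suspect JSP files:", find_jsp_shells(SAMPLE_WEBROOT))
```

Caveat: a web server access log records only the query string, while the public exploit can send the same parameters in a POST body, so the first check needs request-body logging (a reverse proxy or WAF log) to catch that variant; the webroot scan does not have that limitation, because the dropped .jsp is on disk regardless of how the parameters arrived.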
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks
- New Mirai botnet targets industrial routers with zero-day exploits
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
- Fake LDAPNightmare exploit on GitHub spreads infostealer malware
- Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
- Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products: a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |