Mirai malware now delivered using Spring4Shell exploits
2022-04-08 14:40

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks.

Spring4Shell is a critical remote code execution vulnerability tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.

Trend Micro's discovery of a Mirai botnet variant successfully using CVE-2022-22965 to advance its malicious operation is of concern.

Spring4Shell is exploited to write a JSP web shell into the webroot of the web server via a specially crafted request, which the threat actors can use to execute commands on the server remotely.

The threat actors fetch multiple Mirai samples for various CPU architectures and execute them with the "Wget.sh" script.
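
A defender-side check for the web shell write described above, as an added example that is not from Trend Micro or the original article: it scans access-log lines for query parameters that reach the class loader through data binding, then flags JSP pages served to the same client. The parameter-name pattern comes from public CVE-2022-22965 advisories rather than this page, and the log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Apr/2022:10:00:00 +0000] "GET /app/greeting?name=bob HTTP/1.1" 200 512
203.0.113.9 - - [08/Apr/2022:10:01:00 +0000] "GET /app/greeting?class.module.classLoader.placeholder=1 HTTP/1.1" 200 512
203.0.113.9 - - [08/Apr/2022:10:01:05 +0000] "GET /app/greeting?class%2emodule%2eclassLoader.placeholder=1 HTTP/1.1" 400 0
203.0.113.9 - - [08/Apr/2022:10:01:30 +0000] "GET /example.jsp HTTP/1.1" 200 40
198.51.100.7 - - [08/Apr/2022:10:02:00 +0000] "GET /index.jsp HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Parameter names that walk from the bound object to its class loader.
BINDING_RE = re.compile(r"^class\.(module\.)?classloader\b", re.IGNORECASE)


def scan(log_text):
    """Return (kind, client_ip, path) findings in log order."""
    findings = []
    suspects = set()  # clients that already sent class-loader binding parameters
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        # parse_qsl decodes once; the extra unquote catches double encoding.
        names = [unquote(k) for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        if any(BINDING_RE.match(n) for n in names):
            findings.append(("binding-param", m["ip"], parts.path))
            suspects.add(m["ip"])
        elif (parts.path.lower().endswith(".jsp") and m["status"] == "200"
              and m["ip"] in suspects):
            # A JSP served to a client that just probed data binding may be a dropped shell.
            findings.append(("jsp-after-binding", m["ip"], parts.path))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Access logs record only the query string, so parameters sent in a POST body need WAF or request-body logging to be seen; treat a clean result here as incomplete coverage.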

Various Mirai botnets were among the few persistent exploiters of the Log4Shell vulnerability until last month, leveraging the flaw in the widely used Log4j software to recruit vulnerable devices into their DDoS botnets.


News URL

https://www.bleepingcomputer.com/news/security/mirai-malware-now-delivered-using-spring4shell-exploits/

Related Vulnerability

Date: 2022-04-01
CVE: CVE-2022-22965
Vulnerability title: Code Injection vulnerability in multiple products
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Risk: critical, 9.8 (network, low complexity)
Vendors: vmware, cisco, oracle, siemens, veritas
CWE: CWE-94