The Spring4Shell vulnerability was discovered in the Spring Framework, which is used for developing enterprise-level applications in Java. Within a few days of its discovery, experts found evidence that the vulnerability is being actively abused by hackers to spread Mirai, a malware that mainly targets Internet of Things (IoT) devices.
As observed by Trend Micro researchers, the hackers use Spring4Shell (also identified as CVE-2022-22965) to download the Mirai malware into the “/tmp” folder and execute it with elevated permissions.
Once active, Mirai allows the hackers to gain remote control of infected IoT devices and use them as part of a botnet for distributed denial of service and other large-scale attacks.
The researchers recommend that users download the latest security patch to close the vulnerability in Spring Framework apps running on Java Development Kit 9.
So far, the researchers have identified servers in the Singapore region as being among those affected by the Mirai malware spread through Spring4Shell.