The Spring4Shell vulnerability was discovered in the Spring Framework, which is used for developing enterprise-level applications in Java. A few days later, experts found evidence that the vulnerability is being actively abused by hackers to spread Mirai, malware that mainly targets Internet of Things (IoT) devices.

As observed by Trend Micro researchers, the hackers use Spring4Shell (also identified as CVE-2022-22965) to download the Mirai malware to the “/tmp” folder and execute it with elevated permissions.

Once active, Mirai allows the hackers to gain remote control of infected IoT devices and use them as part of a botnet for distributed denial of service and other large-scale attacks.

The researchers recommend that users download the latest security patch to close the vulnerability in Spring Framework apps running on Java Development Kit 9.

So far, the researchers have identified servers in the Singapore region as being among those affected by the Mirai malware that is being spread through Spring4Shell.


