
posted by Fnord666 on Tuesday April 12 2022, @05:50AM

Trend says hackers have weaponized SpringShell to install Mirai malware:

Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open source piece of malware that wrangles routers and other network-connected devices into sprawling botnets.

When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports compared it to Log4Shell, the critical zero-day vulnerability in the popular logging utility Log4J that affected a sizable portion of apps on the Internet. That comparison proved to be exaggerated because the configurations required for SpringShell to work were by no means common. To date, there are no real-world apps known to be vulnerable.

Researchers at Trend Micro now say that hackers have developed a weaponized exploit that successfully installs Mirai. A blog post they published didn't identify the type of device or the CPU used in the infected devices. The post did, however, say a malware file server they found stored multiple variants of the malware for different CPU architectures.

"We observed active exploitation of Spring4Shell wherein malicious actors were able to weaponize and execute the Mirai botnet malware on vulnerable servers, specifically in the Singapore region," Trend Micro researchers Deep Patel, Nitesh Surana, and Ashish Verma wrote. The exploits allow threat actors to download Mirai to the "/tmp" folder of the device and execute it following a permission change using "chmod."
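The drop-chmod-execute chain the Trend Micro researchers describe (payload written to "/tmp", made executable with "chmod", then run) is a pattern a defender can look for in host telemetry independently of which web framework was exploited. The script below is an added illustration written for this post, not code from the article or from Trend Micro. It works over a simplified, constructed event format (timestamp, pid, event, path, detail), not real auditd output, and correlates writes, permission changes and executions on files under world-writable temp directories. The directory list and the 60-second window are assumptions chosen for the example.

```python
"""Flag the write -> chmod -> exec chain on files in temp directories.

Added example (not from the article or Trend Micro). The log format is a
constructed, simplified one: "<ISO timestamp> <pid> <event> <path> <detail>".
"""
from datetime import datetime, timedelta

# Constructed sample events. The first three lines mimic the chain from the
# story: a file lands in /tmp, is chmod'ed, then executed moments later.
SAMPLE_LOG = """\
2022-04-08T10:00:01 4120 write /tmp/x86_64 curl
2022-04-08T10:00:02 4120 chmod /tmp/x86_64 0755
2022-04-08T10:00:03 4121 exec /tmp/x86_64 -
2022-04-08T10:05:00 2200 write /tmp/build.log gcc
2022-04-08T10:05:30 2200 chmod /tmp/build.log 0644
2022-04-08T11:00:00 3300 write /home/dev/tool.sh vim
2022-04-08T11:00:05 3300 chmod /home/dev/tool.sh 0755
2022-04-08T11:00:06 3301 exec /home/dev/tool.sh -
2022-04-08T12:00:00 4500 exec /tmp/old_script -
"""

# Assumed for the example: directories where a dropped payload usually lands.
WATCHED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Assumed for the example: how close a chmod must be to the exec to count.
WINDOW = timedelta(seconds=60)


def parse_line(line):
    """Split one constructed log line into a dict of typed fields."""
    ts, pid, event, path, detail = line.split(maxsplit=4)
    return {
        "ts": datetime.fromisoformat(ts),
        "pid": int(pid),
        "event": event,
        "path": path,
        "detail": detail,
    }


def in_watched_dir(path):
    return path.startswith(WATCHED_DIRS)


def find_drop_and_run(log_text, window=WINDOW):
    """Return alerts for executions of files in watched directories.

    severity "high": the file was both written and chmod'ed shortly before
                     it ran (the full chain from the story).
    severity "medium": only a recent chmod was seen before the exec.
    severity "low": a file under a temp directory ran with no prior
                    chmod in the log at all (still worth a look).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    last_write = {}  # path -> most recent write event
    last_chmod = {}  # path -> most recent chmod event
    alerts = []
    for e in events:
        if not in_watched_dir(e["path"]):
            continue  # ignore normal user/system paths
        if e["event"] == "write":
            last_write[e["path"]] = e
        elif e["event"] == "chmod":
            last_chmod[e["path"]] = e
        elif e["event"] == "exec":
            w = last_write.get(e["path"])
            c = last_chmod.get(e["path"])
            recent_chmod = c is not None and e["ts"] - c["ts"] <= window
            recent_write = w is not None and e["ts"] - w["ts"] <= window
            if recent_chmod and recent_write:
                severity = "high"
            elif recent_chmod:
                severity = "medium"
            else:
                severity = "low"
            alerts.append({
                "path": e["path"],
                "severity": severity,
                "exec_pid": e["pid"],
                "chmod_pid": c["pid"] if c else None,
                "writer": w["detail"] if w else None,
                "ts": e["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in find_drop_and_run(SAMPLE_LOG):
        print(a["severity"].upper(), a["path"], "exec pid", a["exec_pid"],
              "written by", a["writer"])
```

On the sample above the chain on /tmp/x86_64 is reported as high (written by curl, chmod'ed, executed two seconds later), /tmp/build.log never executes and so produces nothing, the script under /home is ignored, and the bare execution of /tmp/old_script is surfaced as low because nothing in the log shows how it got there. Real deployments would feed this from auditd or an EDR rather than a text snippet, but the correlation logic is the same.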


  • (Score: 0) by Anonymous Coward on Tuesday April 12 2022, @06:35AM (9 children)

    by Anonymous Coward on Tuesday April 12 2022, @06:35AM (#1236312)

    Summary has no information, as is normal for SoylentNews these days. So, Windows vulnerability, only? Advice, from all "security researchers" who are actually security researchers: Do Not Run Microsoft. Pretty simple, built-in permissions structure, versus really stupid Bill Gates stuff.

    • (Score: 3, Informative) by coolgopher on Tuesday April 12 2022, @08:22AM (6 children)

      by coolgopher (1157) Subscriber Badge on Tuesday April 12 2022, @08:22AM (#1236315)

      I _think_ this is a vulnerability in the Spring framework, which apparently is a Java thing. I started to RTFA, but it wasn't immediately clear.

      • (Score: 3, Informative) by DannyB on Tuesday April 12 2022, @05:19PM (5 children)

        by DannyB (5839) Subscriber Badge on Tuesday April 12 2022, @05:19PM (#1236408) Journal

        This affects Java developers who happen to use Spring Framework in a particular way. This has more qualifiers than the recent Log4J vulnerability.

        --
        How often should I have my memory checked? I used to know but...
        • (Score: 2) by coolgopher on Tuesday April 12 2022, @10:19PM (4 children)

          by coolgopher (1157) Subscriber Badge on Tuesday April 12 2022, @10:19PM (#1236473)

          Ah Java -- such a classic. "Write once, pwn everywhere".

          • (Score: 2) by DannyB on Wednesday April 13 2022, @01:57PM (3 children)

            by DannyB (5839) Subscriber Badge on Wednesday April 13 2022, @01:57PM (#1236592) Journal

            Java has been more popular [youtube.com] than C / C++ for over 17 years and to this very day. Yet Java cannot match the security problems that are baked in to C. Java quietly runs huge boring enterprise, banking and financial applications in the background for years and years, processing your transactions every day. Yet it is largely invisible to you.

            --
            How often should I have my memory checked? I used to know but...
            • (Score: 2) by coolgopher on Wednesday April 13 2022, @11:23PM (2 children)

              by coolgopher (1157) Subscriber Badge on Wednesday April 13 2022, @11:23PM (#1236769)

              Shoulda stuck with COBOL. When was the last time you saw a COBOL vuln?

              • (Score: 2) by DannyB on Friday April 15 2022, @02:11PM (1 child)

                by DannyB (5839) Subscriber Badge on Friday April 15 2022, @02:11PM (#1237189) Journal

                It is amusing that Java was intended to run in the smallest devices. Such as that chip on your credit card. All of the billions of cell phones in the early 2000s had Java on them -- every single one. Blu-ray players. Yet what was Java's biggest silent largely invisible success? Giant corporations building large complex enterprise systems, and finance and banking.

                --
                How often should I have my memory checked? I used to know but...
                • (Score: 1, Informative) by Anonymous Coward on Friday April 15 2022, @04:14PM

                  by Anonymous Coward on Friday April 15 2022, @04:14PM (#1237217)
                  Yeah and with Android lots of mobile devices kind of run Java.

                  Thing is you're more likely to find perl on busybox, OpenWRT machines than java... Similar for raspberry pi.

                  Also I think MacOS, AIX, Solaris, FreeBSD and many Linux distros still bundle perl as a built-in.

                  So if you're going to write multiplatform software/malware perl might be a better option ;)
    • (Score: 2) by EvilSS on Tuesday April 12 2022, @06:07PM (1 child)

      by EvilSS (1456) Subscriber Badge on Tuesday April 12 2022, @06:07PM (#1236423)
      From the article, and looking at the CPU architectures it's designed to work against, not to mention "The exploits allow threat actors to download Mirai to the "/tmp" folder of the device and execute it following a permission change using "chmod."" it looks like it is mainly targeting vulnerable services running on Linux. So Do Not Run Linux?
      • (Score: 2) by coolgopher on Tuesday April 12 2022, @10:21PM

        by coolgopher (1157) Subscriber Badge on Tuesday April 12 2022, @10:21PM (#1236474)

        That's what Microsoft has been saying for ages! Linux is such a hassle. On Windows, you wouldn't need that pesky "chmod" step!

  • (Score: 0) by Anonymous Coward on Tuesday April 12 2022, @12:38PM (1 child)

    by Anonymous Coward on Tuesday April 12 2022, @12:38PM (#1236338)

    Gotta love 'em, because the government won't let us line them up against a wall and shoot them.

    • (Score: 1) by crotherm on Tuesday April 12 2022, @08:41PM

      by crotherm (5427) on Tuesday April 12 2022, @08:41PM (#1236458)

      For some reason I felt old reading this. :)

  • (Score: 0) by Anonymous Coward on Tuesday April 12 2022, @04:49PM

    by Anonymous Coward on Tuesday April 12 2022, @04:49PM (#1236400)

    So is it a real threat or a conceptual vulnerability?

    To date, there are no real-world apps known to be vulnerable.
    [...]
    "We observed active exploitation of Spring4Shell"

    Which is it?

    (And really, those elite hackers used `chmod` to make something runnable!? OHS NOES!!!)
