Article 5Y02G Trend says hackers have weaponized SpringShell to install Mirai malware

Trend says hackers have weaponized SpringShell to install Mirai malware

by
Dan Goodin
from Ars Technica - All content on (#5Y02G)
cyber-cyber-cyber-800x578.jpeg

Enlarge (credit: Getty Images)

Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open source piece of malware that wrangles routers and other network-connected devices into sprawling botnets.

When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports compared it to Log4Shell, the critical zero-day vulnerability in the popular logging utility Log4J that affected a sizable portion of apps on the Internet. That comparison proved to be exaggerated because the configurations required for SpringShell to work were by no means common. To date, there are no real-world apps known to be vulnerable.

Researchers at Trend Micro now say that hackers have developed a weaponized exploit that successfully installs Mirai. A blog post they published didn't identify the type of device or the CPU used in the infected devices. The post did, however, say a malware file server they found stored multiple variants of the malware for different CPU architectures.

Read 5 remaining paragraphs | Comments

index?i=rXc3fxvcumc:g9X6M3qFW1M:V_sGLiPB index?i=rXc3fxvcumc:g9X6M3qFW1M:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments