Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

New Report Says Hackers Exploiting Spring4Shell Flaw to Spread Mirai Malware

A team of security researchers has discovered that attackers are now exploiting the critical Spring4Shell vulnerability to spread Mirai malware on target systems. The Mirai botnet malware attacks were first detected earlier this month, and the threat actors are currently targetting vulnerable web servers in the Singapore region.

According to Trend Micro’s researchers, the threat actors have created a weaponized exploit that lets them successfully install Mirai on vulnerable systems. The security researchers explained that the malware file server stored multiple variants of Mirai designed for different CPU architectures. However, the blog post didn’t specifically mention the infected CPU or device type.

“We observed active exploitation of Spring4Shell wherein malicious actors were able to weaponize and execute the Mirai botnet malware on vulnerable servers, specifically in the Singapore region,” Trend Micro researchers explained. “We also found the malware file server with other variants for different CPU architectures.”

Hackers Exploiting Spring4Shell Flaw to Spread Mirai Malware — Credits: Trend Micro

The Spring4Shell flaw enables attackers to gain remote access to the targetted device and download the Mirai sample to the “/tmp” folder. Once done, the threat actor can then execute the malware following a permission change via the “chmod” command.

Spring Framework versions affected by the Mirai botnet malware attacks

Here’s a list of the configurations that render systems vulnerable:

Java Development Kit (JDK) version 9 or higher
Apache Tomcat
Spring Framework versions before 5.2.20, 5.3.18
spring-webmvc or spring-webflux dependency
Packaged as a traditional web application archive (WAR)
Writable file system like ROOT or web apps

The Mirai botnet malware recently made headlines following a surge in attacks against Internet of Things (IoT) devices in 2020 and 2021. This malware is commonly used to launch distributed denial-of-service (DDoS) attacks, brute-force attacks, credential theft, ransomware deployment, etc.

VMware recommends IT Admins to upgrade to Spring Framework 5.3.18 and 5.2.20 as soon as possible to patch the Spring4Shell exploit. Meanwhile, Microsoft has also provided some detection and hunting capabilities to help its customers protect vulnerable devices in their organizations.

by Rabia Noureen
Apr 11, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.