Threat actors have been detected using the Spring4Shell vulnerability to install malware on victim PCs, according to security researchers.
More Details on the Spring4Shell Vulnerability
According to ZDNet, the Spring4Shell vulnerability, which security researchers have assigned CVE-2022-22965, is not considered to be as dangerous as the famous Log4Shell. However, the US Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft are advising developers to patch it if they're using Java Development Kit (JDK) 9.0 and higher, as well as Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.
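To find deployments that meet the conditions in the advisory above, the following added example (not from ZDNet, CISA or Microsoft) inventories Spring jars on disk and inside WAR or fat-JAR archives and checks them against the version ranges listed. It assumes the library ships under its usual file name, spring-beans-<version>.jar; all function names are hypothetical.

```python
import re
import zipfile
from pathlib import Path

# Assumption: the library keeps its usual file name, spring-beans-<version>.jar.
JAR_RE = re.compile(r"(?:^|/)spring-beans-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def jdk_major(version: str) -> int:
    """Map a java.version string to its major release: '1.8.0_321' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version)
    return int(parts[1]) if parts[0] == "1" else int(parts[0])

def spring_in_range(v: tuple) -> bool:
    """True for the ranges the article lists: 5.3.0-5.3.17, 5.2.0-5.2.19, and earlier."""
    if v[:2] == (5, 3):
        return v[2] <= 17
    if v[:2] == (5, 2):
        return v[2] <= 19
    return v[:2] < (5, 2)

def spring_versions(root: Path) -> dict:
    """Find spring-beans jars on disk and inside WAR/fat-JAR archives under root."""
    found = {}
    for path in root.rglob("*"):
        if path.suffix not in (".jar", ".war") or not path.is_file():
            continue
        names = [path.as_posix()]
        try:
            with zipfile.ZipFile(path) as zf:
                names += zf.namelist()
        except zipfile.BadZipFile:
            pass  # not a readable archive; still check its own file name
        for name in names:
            m = JAR_RE.search(name)
            if m:
                where = name if name == path.as_posix() else f"{path.as_posix()}!/{name}"
                found[where] = tuple(map(int, m.groups()))
    return found

def needs_patch(java_version: str, root: Path) -> list:
    """Jars in the listed ranges, reported only when the runtime is JDK 9 or higher."""
    if jdk_major(java_version) < 9:
        return []
    return sorted(k for k, v in spring_versions(root).items() if spring_in_range(v))
```

Because the check relies on file names, a renamed or shaded jar will not be found; treat the result as an inventory aid alongside the build's dependency list.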
Researchers from Qihoo 360 published a report on this topic, stating:
After March 30, we started to see more attempts such as various webshells, and today, 2022-04-01 11:33:09(GMT+8), less than one day after the vendor released the advisory, a variant of Mirai, has won the race as the first botnet that adopted this vulnerability.
Trend Micro experts came to the same conclusion, that the Mirai botnet is exploiting this vulnerability, reporting:
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample