CyberNews Briefs

Spring4Shell flaw is now being used to spread this botnet malware

Security researchers at Trend Micro and Qihoo 360 have discovered attackers exploiting the Spring4Shell flaw to target systems via malware installation. The attacks emerged as soon as the bug became public, according to the researchers. Although Spring4Shell, a Java-related flaw, is not as dangerous as Log4Shell, security firms are urging developers to patch the bug to avoid any risk of exploitation. The US Cybersecurity and Infrastructure Security Agency and Microsoft have both released advisories pertaining to the vulnerability.

Researcher noticed more attempts to leverage the vulnerability after it was publicly disclosed in late March. Less than one day after an advisory was released by the vendor, a variant of Mirai adopted the vulnerability to be used by threat actors in attacks. The exploitation of Spring4Shell saw malicious actors able to quickly weaponize the flaw, especially in the Singapore region. Trend Micro also warned that it detected the malware file server with other variants for different CPU architectures.

Read More: Spring4Shell flaw is now being used to spread this botnet malware

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.