Security researchers at Trend Micro and Qihoo 360 have discovered attackers exploiting the Spring4Shell flaw to target systems via malware installation. The attacks emerged as soon as the bug became public, according to the researchers. Although Spring4Shell, a Java-related flaw, is not as dangerous as Log4Shell, security firms are urging developers to patch the bug to avoid any risk of exploitation. The US Cybersecurity and Infrastructure Security Agency and Microsoft have both released advisories pertaining to the vulnerability.
Researcher noticed more attempts to leverage the vulnerability after it was publicly disclosed in late March. Less than one day after an advisory was released by the vendor, a variant of Mirai adopted the vulnerability to be used by threat actors in attacks. The exploitation of Spring4Shell saw malicious actors able to quickly weaponize the flaw, especially in the Singapore region. Trend Micro also warned that it detected the malware file server with other variants for different CPU architectures.
Read More: Spring4Shell flaw is now being used to spread this botnet malware