Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready?

It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws.

Spectre and Meltdown are security vulnerabilities disclosed by security researchers earlier this month in many processors from Intel, ARM and AMD used in modern PCs, servers and smartphones, among other devices.

These CPU vulnerabilities could enable attackers to bypass memory isolation mechanisms and access everything, including memory allocated for the kernel containing sensitive data like passwords, encryption keys and other private information.

Researchers from independent antivirus testing firm AV-TEST detected at least 139 malware samples, as of today, which are related to these CPU vulnerabilities, as shown in the growth graph.

You can find SHA256 hashes for all malware samples here.

Meanwhile, cybersecurity firm Fortinet also tracked and analyzed many malware samples 'trying to exploit' recently disclosed CPU vulnerabilities, most of which includes re-compiled or extended version of the JavaScript-based proof-of-concept (PoC) exploit released last month.

"The rate at which the cybercriminal community is targeting known vulnerabilities is clearly accelerating, with the WannaCry and NotPetya exploits serving as perfect examples of the need to patch vulnerable systems as soon as possible," Fortinet said.

"Which is why our concerns were raised when we recently learned about some of the largest vulnerabilities ever reported—ones that affect virtually every processor developed since 1995 by chip manufacturers Intel, AMD, and ARM."

Another news makes this situation, even more, worse—Intel halted all its CPU firmware patches for the Meltdown and Spectre flaws last week after it caused issues like spontaneous reboots and other 'unpredictable' system behaviour on affected PCs.

So, until Intel and other vendors do not come up with stable security patches for the Meltdown and Spectre attacks that don’t cause systems to break, users are recommended to keep their operating system, web browsers, antivirus and other software up-to-date.

Comments

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running...

Unlocked phones vs. locked phones: Why you should care

Should you get an unlocked phone? The US wireless market is more competitive than ever, which is great news for consumers who have lots of choices when it comes choosing a service provider. But one barrier still exists when trying to switch carriers: the locked smartphone. The end of wireless contracts marked a watershed trend for consumers because it finally opened the door for them to more easily shop around for alternative wireless carriers. But the software locks that carriers put on phones restricting its use on other networks still prevent many consumers from having total freedom when it comes to choosing a provider. Now Verizon, the only wireless carrier that sold its phones unlocked out of the box, is reversing course. The company said earlier this week it would begin locking the phones it sells to consumers for an undetermined period of time, which will prevent them from using a SIM card from another carrier. But Verizon promised it would eventually ...

Watch Out! New Cryptocurrency-Mining Android Malware is Spreading Rapidly

Due to the recent surge in cryptocurrency prices, threat actors are increasingly targeting every platform, including IoT, Android, and Windows, with malware that leverages the CPU power of victims' devices to mine cryptocurrency. Just last month, Kaspersky researchers spotted fake antivirus and porn Android apps infected with malware that mines Monero cryptocurrency, launches DDoS attacks, and performs several other malicious tasks, causing the phone's battery to bulge out of its cover. Now, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner , that scans wide-range of IP addresses to find vulnerable devices and infect them to mine digital cryptocurrency. According to the researchers, ADB.Miner is the first Android worm to reuse the scanning code programmed in Mirai—the infamous IoT botnet malware that knocked major Internet companies offline last ...

Tech Knock

Search This Blog