Researchers at the antivirus testing firm AV-TEST have discovered more than 130 samples of malware that were specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities.
The good news is that these samples appear to be the result of testing activities, but experts fear that we could soon start observing attacks in the wild.
Most of the codes obtained by AV-TEST are just recompiled versions of the Proof of Concept code available online. Experts at AV-TEST also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now.
“We also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now.”Andreas Marx, CEO of AV-TEST, told SecurityWeek.
The Meltdown attack could allow attackers to read the entire physical memory of the target machines stealing credentials, personal information, and more.
The Meltdown exploits the speculative execution to breach the isolation between user applications and the operating system, in this way any application can access all system memory.
The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory.
The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.
On January 17, experts at AV-TEST reported that they had detected 77 malware samples apparently related to the Intel vulnerabilities.
#Spectre & #Meltdown: So far, the AV-TEST Institute discovered 77 samples which appear to be related to recently reported CPU vulnerabilities. #CVE-2017-5715 #CVE-2017-5753 #CVE-2017-5754 pic.twitter.com/J7LvweJCTP
— AV-TEST GmbH (@avtestorg) January 17, 2018
The number of malware samples related to Meltdown and Spectre reached pi119 by January 23.
[UPDATE: 2018-01-23] #Spectre & #Meltdown: So far, the AV-TEST Institute discovered 119 samples which appear to be related to recently reported CPU vulnerabilities. #CVE-2017-5715 #CVE-2017-5753 #CVE-2017-5754
SHA256 Hashes: https://t.co/qurJ8CcX71 pic.twitter.com/3Z0cUrIk7x
— AV-TEST GmbH (@avtestorg) January 23, 2018
On January 31, AV-TEST confirmed to be in possession of 139 samples from various sources.
[UPDATE: 2018-01-23] #Spectre & #Meltdown: So far, the AV-TEST Institute discovered 119 samples which appear to be related to recently reported CPU vulnerabilities. #CVE-2017-5715 #CVE-2017-5753 #CVE-2017-5754
SHA256 Hashes: https://t.co/qurJ8CcX71 pic.twitter.com/3Z0cUrIk7x
— AV-TEST GmbH (@avtestorg) January 23, 2018
According to the AV-TEST CEO, several groups of experts are working on a malware that could trigger Intel flaws, most of them are re-engineering the available PoC.
“We aren’t the only ones concerned. Others in the cybersecurity community have clearly taken notice, because between January 7 and January 22 the research team at AV-Test discovered 119 new samples associated with these vulnerabilities,” reads a blog post published by Fortinet. “FortiGuard Labs has analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code. The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us.”
Pierluigi Paganini, Editor-in-Chief
Cyber Defense Magazine
;
We are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.