Hackers could be close to developing malware that exploits flaws, suggests a German cybersecurity firm.
AV-Test, an independent German antivirus testing and security software company, has managed to identify nearly 139 malware samples that most probably indicate growing craze among cybercriminals to exploit the recently discovered CPU bugs Meltdown and Spectre.
However, the majority of these samples are based upon already existing proof-of-concept coding from numerous security experts but it is indeed concerning that the number of unique samples has increased considerably over the past few weeks. The number of samples collected by AV-Test on January 7th was rather low but by January 21st the company managed to collect a hundred samples and at the end of January, the total count of samples reached 139.
AV-Test wrote on Twitter that the 139 samples discovered by its researchers “appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,” and posted SHA-256 hashes of some of the samples.
#Spectre & #Meltdown: So far, the AV-TEST Institute discovered 77 samples which appear to be related to recently reported CPU vulnerabilities. #CVE-2017-5715 #CVE-2017-5753 #CVE-2017-5754 pic.twitter.com/J7LvweJCTP
— AV-TEST GmbH (@avtestorg) January 17, 2018
Google exposed the Meltdown and Spectre flaws on January 3rd, 2018 and since then OS developers, chip makers, and browser creators have been trying to release patches to mitigate the three different types of speculative side-channel attacks, which are believed to affect WebAssembly and JavaScript supporting browsers.
Apple had stated while releasing patches for the attacks that Spectre attacks are quite difficult to exploit even is the infected app runs locally on macOS or iOS device; but if the browser runs on JavaScript then the attacks are very much exploitable and if the attack meets success then it will leak all kinds of sensitive data including passwords.
According to AV-Test CEO Andreas Marx, each one of the samples can use one of the three attacks but in case the files contain “problematic program codes” then it is impossible to confirm that all of them can exploit the vulnerabilities successfully. Marx stated that it won’t be surprising to identify first targeted attacks or widespread use of malware but he also explained that such attacks will happen only if threat actors find it easy to exploit Spectre and Meltdown vulnerabilities as they are currently focusing more on ransomware and cryptojacking exploits.
“Due to the extremely high number of affected computers/systems and the complexity to ‘fix’ the Spectre-Meltdown vulnerabilities, I’m sure that the malware writers are just looking for the best ways to extract information from computers and especially browsers,” stated Marx.
Marx also believes that the malware developers are currently in the research phase in which they are trying to identify ways to exploit Meltdown and Spectre attacks because most of the samples are either recompiled of extended versions of the proof-of-concepts.
“Interestingly, for various platforms like Windows, Linux and MacOS. Besides this, we also found the first JavaScript POC codes for web browsers like Internet Explorer, Chrome or FireFox in our database now,” wrote Marx.
On Tuesday Fortinet’s FortiGuard Labs published a report after assessing these samples and expressed its concerns regarding the probable potential of Meltdown and Spectre malware targeting enterprises and users. The company concluded that 83% of these samples were proof-of-concept based while the remaining 17% were not publicly shared probably for being under NDA.
Fortinet has released various antivirus signatures to defend users against those samples but it would be difficult to detect other exploits that are related to these chip vulnerabilities and patch issues have further complicated the situation.
To mitigate the threat Marx suggests that if the PC is not in use for over an hour then it is a wise idea to switch it off and always close the browser while going out on lunch break because it will minimize the attack surface to a great extent and also prevent loss of energy.
