Malware exploiting Meltdown and Spectre found
9 February 2018 | 0
It was inevitable. Once Google published its findings for the Meltdown and Spectre vulnerabilities in CPUs, the bad guys used that as a roadmap to create their malware. And so far, researchers have found more than 130 malware samples designed to exploit Spectre and Meltdown.
If there is any upside, it is that the majority of the samples appear to be in the testing phase, according to antivirus testing firm AV-TEST, or are based on proof-of-concept software created by security researchers. Still, the number is rising fast.
On 17 January, AV-TEST reported that it had seen 77 malware samples. Six days later, that number had increased to 119, and by 1 February, it was up to 139 samples.
The Meltdown and Spectre attack methods exploit a design flaw in branch prediction, where a CPU makes an educated guess on what it will compute or process next, and they allow malicious applications to bypass memory isolation to access the contents of memory. While the contents cannot be altered or destroyed, they can be read, which is bad enough.
Intel has issued fixes for the exploit but had to pull them because they caused more harm than good, drawing the ire of Linux creator Linus Torvalds. Intel has just issued new BIOS fixes. Microsoft has issued its own Windows fix, and it had its share of problems as well.
If that were not bad enough, Malwarebytes discovered a fraudulent site targeting German users with a fake patch supposedly to fix Meltdown and Spectre but actually installs the Smoke Loader malware, which downloads other malicious payloads.