There is no doubt that the start of this year has been marked, above all, by the disclosure of Meltdown and Spectre, two security flaws in Intel, AMD and ARM processors that have put the whole computing industry on the back foot. The complexity of these vulnerabilities makes them as hard to fix as they are to exploit. But while vendors are still working on fixes, the first malware samples that carry exploit code for these flaws are already appearing.
According to security researchers at AV-Test, Fortinet and Minerva, samples that target these vulnerabilities in Intel, AMD and ARM processors have been turning up for a few days now. Moreover, the number of such samples registered over the last week has grown considerably: there are currently 119 samples containing code that exploits Meltdown and Spectre.
These samples were detected on the VirusTotal platform shortly after the proof of concept (PoC) showing how the two vulnerabilities can be exploited was published. As Fortinet notes, most of them are just variations of that PoC, but it is worrying to see how easily this code could be dropped into any piece of malware, and how many researchers are already mutating the PoC to push the exploit further.
The PoC for these two vulnerabilities is being experimented with every day, and we should keep in mind that most of the time this code is never uploaded to platforms such as VirusTotal, so malware that takes advantage of these vulnerabilities could already be circulating undetected.
There is no real malware capable of exploiting Meltdown and Spectre, for now
Security researchers stress that, although the number of samples has grown sharply since the beginning of January 2018, they do not yet represent a real threat to users: so far none of them uses the vulnerabilities to actually gain anything, at least for now.
It is likely that we will soon see the first malware that uses Meltdown and Spectre exploit code to endanger users. For now we can rest easy, but we should keep an eye on the updates that are periodically published for operating systems and everyday applications such as browsers, and confirm that they have actually taken effect.
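One practical way to act on that advice, as an added example that is not part of the article: on Linux, the kernel itself reports whether it is mitigated. Kernels from 4.15 onward expose one file per issue under /sys/devices/system/cpu/vulnerabilities/ (a real interface), and the script below reads and classifies that report. The SAMPLE_REPORT strings are constructed for the offline demo, not captured from any particular machine.

```shell
#!/bin/sh
# Added example, not code from the article: check which Meltdown/Spectre
# mitigations the running Linux kernel reports. Kernels from 4.15 on expose
# one file per issue under /sys/devices/system/cpu/vulnerabilities/ whose
# content starts with "Not affected", "Mitigation: ..." or "Vulnerable".
# SAMPLE_REPORT below is a constructed input, not captured from a real host.

SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> prints not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;   # bare "Vulnerable" or "Vulnerable: <partial fix>"
        *)               echo unknown ;;      # empty or unrecognised: treat as not fixed
    esac
}

# dump_sysfs -> prints "name|status" lines from the live kernel, or fails
# (with a message) where the directory is missing, e.g. on pre-4.15 kernels.
dump_sysfs() {
    if [ ! -d "$SYSFS_VULN_DIR" ]; then
        echo "no $SYSFS_VULN_DIR: kernel too old to report, or not Linux" >&2
        return 1
    fi
    for f in "$SYSFS_VULN_DIR"/*; do
        printf '%s|%s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# count_vulnerable reads "name|status" lines on stdin, prints a one-line
# verdict per issue on stderr, and prints on stdout the number of issues
# that are still vulnerable or unreadable (usable as an exit status).
count_vulnerable() {
    n=0
    while IFS='|' read -r name status; do
        [ -n "$name" ] || continue
        class=$(classify_status "$status")
        printf '%-12s %-13s %s\n' "$name" "$class" "$status" >&2
        case "$class" in
            vulnerable|unknown) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Constructed sample: a kernel patched for Meltdown (PTI) and Spectre v1, but
# with only a partial Spectre v2 mitigation, which the kernel still labels
# "Vulnerable: ...".
SAMPLE_REPORT='meltdown|Mitigation: PTI
spectre_v1|Mitigation: __user pointer sanitization
spectre_v2|Vulnerable: Minimal generic ASM retpoline'

# Live check (exit status = number of unmitigated issues):
#   dump_sysfs | count_vulnerable; exit $?
# Offline demo against the constructed sample, which reports 1 open issue:
printf '%s\n' "$SAMPLE_REPORT" | count_vulnerable
```

Note that a status beginning with "Vulnerable:" still counts as open: the kernel uses that prefix when only a partial mitigation is active, which is exactly the case a patch-level check tends to miss. On Windows the equivalent check is Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings), which reports whether the OS and firmware mitigations are both present and enabled.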
Beyond malware, we should keep in mind that these two flaws can also be exploited remotely from a web page built for that purpose: the original Spectre research included a JavaScript proof of concept, which is why browser updates matter here. So we should also be extremely cautious when following links to suspicious or untrusted websites.