139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild


This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17.


AV-TEST CEO Andreas Marx says that the different strains of malware mostly contain recompiled versions of the same proof-of-concept code released with the initial report on the bugs.

It doesn't appear that any of the exploits work yet, but it's clear that malware authors are working to actively exploit Meltdown and Spectre.


Early reports suggested that mitigating Meltdown and Spectre would be easy, but in practice, attempts to mitigate the defects have been a catastrophe.

Marx believes different groups are working on the PoC exploits to determine if they can be used for some purpose. “Most likely, malicious purposes at some point,” he said.

The expert believes the current malware samples are still in the “research phase” and attackers are most likely looking for ways to extract information from computers, particularly from web browsers. He would not be surprised if we started seeing targeted and even widespread attacks in the future.


Malware Exploiting Spectre, Meltdown Flaws Emerges [Eduard Kovacs/SecurityWeek]