Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities.
According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities. Chris Doman, Security Researcher at AlienVault commented below.
Chris Doman, Security Researcher at AlienVault:
“So far, we’ve seen about 150 samples hit our signatures for Spectre and Meltdown on VirusTotal. The exact number depends on whether you consider near identical exploits duplicates or not. At the moment, they all seem to be just PoCs rather than anything to be concerned about being used in the wild. These can be reviewed here.”