Meltdown and Spectre, the kernel-level bug affecting most Intel and some AMD CPUs, has been public since earlier this month. Companies have since been scrambling to shore up their platforms against the flaw. It should probably be no surprise to read cyber-attackers have also been at work, albeit more nefariously.
German antivirus testing firm AV-Test says hackers are already working on malware to exploit Meltdown and Spectre. The company has identified 139 samples of malware that are early attempts to attack the vulnerability.
“So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,” the company wrote.
In response, AV-Test posted SHA-256 hashes of samples on Google's VirusTotal that shows on some antivirus software. Sample numbers have steadily increased since the first was seen on January 7. Over 100 samples were in place by the 21st of the month and yesterday the number had increased to 139.
AV-Test CEO Andreas Marx spoke to ZDNet and said all the malware successfully exploited Meltdown and Spectre.
“Due to the extremely high number of affected computers/systems and the complexity to ‘fix' the Spectre-Meltdown vulnerabilities, I'm sure that the malware writers are just looking for the best ways to extract information from computers and especially browsers,” he said.
Intel and various tech giants like Microsoft and Apple knew about the flaw since June 2017. However, they kept it secret to work on patches to fix the vulnerability. If users have downloaded those patches, their machine should be safe. However, Intel's own patch had problems and users are advised not to download it.
That means many machines are still vulnerable. Marx suggests things users can do to protect themselves:
“If you don't need your PC for more than an hour, switch it off. If you go for lunch or a break, close your browser. This should decrease your attack surface a lot and also save quite some energy,” said Marx.