Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-0282) affecting its Connect Secure VPN appliances. The flaw, a buffer overflow arising from a strncpy call in the web server component, allows attackers to execute arbitrary code remotely.

Among the intrusions that followed, cybersecurity researchers identified an evolved variant of the SPAWN malware family dubbed "SPAWNCHIMERA" that not only exploits this flaw but also deploys a self-contained fix to stop competing threat actors from leveraging the same vulnerability. SPAWNCHIMERA is a modular upgrade to the earlier SPAWN variants (SPAWNANT, SPAWNMOLE, SPAWNSNAIL), combining their functionality into a single framework. Its most striking feature, however, is a built-in vulnerability patch designed to monopolize exploitation of CVE-2025-0282.

The patch works by hooking strncpy in the vulnerable process so that copies are capped at 256 bytes, which neutralizes the overflow for anyone else sending an oversized payload. The hook also contains a deliberate bypass: if the first four bytes of the source buffer match 0x04050203, the cap is not applied, so the malware's operators can still trigger the vulnerability selectively while other attackers cannot.

This has a practical consequence for responders. Because the in-memory clamp makes exploitation attempts fail, security teams analyzing a compromised appliance may erroneously conclude that the vulnerability is patched and overlook SPAWNCHIMERA's persistence mechanisms. The hook lives in the implant, not in the product: an appliance that has not received Ivanti's fix yet appears immune to CVE-2025-0282 should be treated as suspect rather than as patched.

With SPAWNCHIMERA's hash (94b1087af3120ae22cea734d9eea88ede4ad5abe4bdeab2cc890e893c09be955) now public, organizations can hunt for this specific threat while remaining vigilant for further evolution of the SPAWN malware family.
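The following C program is an added illustration of the hook behaviour described above; it is not code from the article, from Ivanti, or from the malware itself. It models a strncpy interposer that clamps the copy length to a 256-byte destination unless the source starts with the 0x04050203 marker, and it measures whether a copy through the raw or hooked function would write past the 256-byte buffer. The 256-byte destination size, the comparison of the marker as a 32-bit value in native byte order, and the sample payloads (600 filler bytes, optionally prefixed with the marker) are assumptions made for the example.

```c
/* Added example: a model of a strncpy hook with an operator-only bypass.
 * Not the malware's code. Assumptions: 256-byte destination, the bypass
 * marker compared as a native-endian uint32_t, constructed sample inputs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEST_SIZE    256u          /* assumed size of the vulnerable buffer */
#define BYPASS_MAGIC 0x04050203u   /* marker that disables the clamp (assumed native byte order) */
#define ARENA_SIZE   1024u         /* model of the stack frame around the buffer */
#define SAMPLE_LEN   600u          /* length of the constructed sample payloads */

typedef char *(*strncpy_fn)(char *, const char *, size_t);

/* Length the hook actually passes to the real strncpy. */
size_t hooked_copy_len(const char *src, size_t n)
{
    uint32_t head = 0;
    if (n >= sizeof head) {
        memcpy(&head, src, sizeof head);    /* endianness assumption, see above */
        if (head == BYPASS_MAGIC)
            return n;                       /* operator path: clamp disabled */
    }
    return n > DEST_SIZE ? DEST_SIZE : n;   /* everyone else: capped at 256 */
}

/* The interposed strncpy: same signature, clamped length. */
char *hooked_strncpy(char *dest, const char *src, size_t n)
{
    return strncpy(dest, src, hooked_copy_len(src, n));
}

/* Plain wrapper so the unhooked libc call can be passed as a function pointer. */
char *raw_strncpy(char *dest, const char *src, size_t n)
{
    return strncpy(dest, src, n);
}

/* The first DEST_SIZE bytes of a larger arena stand in for the 256-byte
 * buffer; any non-zero byte written beyond that offset represents a smashed
 * frame. Returns 1 on overflow, 0 if contained, -1 if len exceeds the model. */
int copy_overflows(strncpy_fn copy, const char *src, size_t len)
{
    char arena[ARENA_SIZE];
    if (len > ARENA_SIZE)
        return -1;
    memset(arena, 0, sizeof arena);
    copy(arena, src, len);
    for (size_t i = DEST_SIZE; i < ARENA_SIZE; i++)
        if (arena[i] != 0)
            return 1;
    return 0;
}

/* Constructed sample inputs (not real exploit data). */
static char g_plain[SAMPLE_LEN + 1];
static char g_magic[SAMPLE_LEN + 1];

const char *sample_plain(void)                  /* 600 x 'A' */
{
    memset(g_plain, 'A', SAMPLE_LEN);
    g_plain[SAMPLE_LEN] = '\0';
    return g_plain;
}

const char *sample_magic(void)                  /* marker + 596 x 'A' */
{
    uint32_t magic = BYPASS_MAGIC;              /* no zero byte, so strncpy does not stop early */
    sample_plain();
    memcpy(g_magic, g_plain, sizeof g_magic);
    memcpy(g_magic, &magic, sizeof magic);
    return g_magic;
}

int main(void)
{
    printf("raw strncpy,    plain payload: overflow=%d\n",
           copy_overflows(raw_strncpy, sample_plain(), SAMPLE_LEN));
    printf("hooked strncpy, plain payload: overflow=%d\n",
           copy_overflows(hooked_strncpy, sample_plain(), SAMPLE_LEN));
    printf("hooked strncpy, marked payload: overflow=%d\n",
           copy_overflows(hooked_strncpy, sample_magic(), SAMPLE_LEN));
    return 0;
}
```

The second and third results are the point for responders: the same oversized payload is contained when it lacks the marker and overflows when it carries it, so a failed exploitation test against a hooked process says nothing about whether the vendor fix is installed.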
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Feb 2025 07:00:33 +0000