Attackers are already using Log4Shell to install malware and miners


Cybercriminals are already taking advantage of the dangerous Log4Shell flaw in Log4j, using it to try to deploy malware to vulnerable servers. In parallel, researchers are also scanning the Web for vulnerable installations.

Thus, Log4Shell went from being just a critical vulnerability to a 0-day. As you know, the bug allows attackers to execute code on servers; to do so, it is enough to change the browser's user-agent to a special string.

There is good news: Apache has released Log4j version 2.15.0, which supposedly fixes the identified vulnerability. However, cybercriminals have already started scanning the Internet and trying to exploit the vulnerability, so the consequences can still be dire.
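To act on the fixed release mentioned above, the following added example (not code from the article or from Apache) inventories a directory tree for `log4j-core` jars older than 2.15.0. It assumes Maven-style file names such as `log4j-core-2.14.1.jar`; the function names are hypothetical, and a filename check will not see copies repackaged inside other archives.

```python
import re
import tempfile
from pathlib import Path

# Fixed release named in the article; anything older is reported.
FIXED = (2, 15, 0)

# Maven-style artifact name, e.g. log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?([.-][A-Za-z0-9.-]+)?\.jar$")


def parse_version(filename):
    """Return ((major, minor, patch), has_suffix) or None if not a log4j-core jar."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix is not None


def needs_upgrade(filename):
    """True when the jar is a 2.x log4j-core older than the fixed release."""
    parsed = parse_version(filename)
    if parsed is None:
        return False
    version, has_suffix = parsed
    if version[0] != 2:  # the article concerns Log4j 2.x only
        return False
    # Conservative: a suffixed build of the fixed version (e.g. -rc1) is reported too.
    return version < FIXED or (version == FIXED and has_suffix)


def scan(root):
    """Walk root and return sorted relative paths of jars that need upgrading."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.jar")
                  if needs_upgrade(p.name))


if __name__ == "__main__":
    # Constructed sample tree: empty files that only mimic jar names.
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("app/lib/log4j-core-2.14.1.jar", "svc/log4j-core-2.15.0.jar",
                    "old/log4j-core-2.0-beta9.jar", "x/log4j-api-2.14.1.jar"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        for hit in scan(tmp):
            print("upgrade:", hit)
```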

Because the affected software is used on thousands of corporate websites and applications, experts fear that Log4Shell will lead to massive cyberattacks against organizations around the world.

Today, attackers are trying to use the exploit to install a malicious crypto miner; the financial incentive is evident. There have also been reports of an attempt to create a botnet.

Researchers from Cisco have published a report claiming that attackers tried to exploit Log4Shell as early as nine days before the vulnerability was published. According to NIST, the vulnerability received the identifier CVE-2021-22448 and the maximum score of 10 on the CVSS scale.

It is worth mentioning the Netlab 360 study, in which experts point to the use of Log4Shell as a vector for installing Mirai and Muhstik malware on vulnerable devices.
