Hackers exploited a critical vulnerability in the Java-based Apache Log4j logging library to install covert miners and other malware. This was reported by Netlab 360 researchers.
The exploit, named Log4Shell, allowed attackers to drop Mirai and Muhstik malware onto devices. Subsequently, they were used to deploy crypto miners such as Kinsing, to mount large-scale DDoS attacks, or to install Cobalt Strike beacons for locating vulnerable servers.
The attacks identified by experts targeted devices running Linux.
“There are currently no recorded cases of the vulnerability being exploited by ransomware or APT groups; however, the deployment of Cobalt Strike beacons indicates forthcoming malicious campaigns,” the experts noted.
Netlab 360 recommended that users update to the latest version of Log4j.
Cybereason researchers have developed a ‘vaccine’ that disables the trustURLCodebase parameter on the remote Log4j server, thereby removing the critical vulnerability.
Earlier in December, Neodyme researchers discovered a flaw in the Solana protocol library that potentially allowed funds from DeFi projects to be stolen at a rate of about $27 million per hour.
