Hackers exploited a critical vulnerability in the Java-based Apache Log4j logging library to install hidden miners and other malware, specialists at Netlab 360 reported.
An exploit called Log4Shell allowed attackers to download Mirai and Muhstik malware onto devices. Later they were used to launch Kinsing cryptominers, organize large-scale DDoS attacks, or install Cobalt Strike beacons to find vulnerable servers.
The attacks identified by the experts were aimed at devices running Linux.
“Currently, there have been no cases of exploitation of vulnerabilities by ransomware or APT groups, but the fact of the deployment of Cobalt Strike beacons indicates the forthcoming malicious campaigns,” the experts said.
Netlab 360 recommended that users update to the latest version of Log4j.
In turn, Cybereason researchers have developed a “vaccine” that disables the trustURLCodebase setting on the remote Log4j server, thereby eliminating the critical vulnerability.
Recall that in early December, Neodyme specialists discovered a bug in the program library for the Solana protocol that could have allowed funds to be stolen from DeFi projects at a rate of about $27 million per hour.