
Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan

As the Log4j vulnerability disclosures continue and exploitation in the wild is ongoing, we have been closely monitoring developments in the Log4j resource center, tracking the gap between each disclosure and how quickly patching follows.

Just yesterday, Belgium’s defense ministry confirmed that it had been hit with a cyberattack by bad actors who had exploited the Log4j vulnerability.

Although the original and most critical ‘log4shell’ vulnerability (CVE-2021-44228) may have been the start of it all, up to four total CVEs have been disclosed thus far, with a fifth one impacting the “logback” framework.

Note, to avoid any confusion, the log4j-api component itself is not vulnerable to the log4shell vulnerability, contrary to what the GitHub advisory states. Our security research team has accounted for this and similar exceptions in our research data.

And, for those using log4j 2.16, switching to 2.17 is a good idea after a seemingly trivial but nonetheless ‘High’-rated DoS vulnerability, tracked as CVE-2021-45105, was patched.
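The two points above, that `log4j-api` on its own is not affected and that `log4j-core` 2.16 still needs to move to 2.17 for CVE-2021-45105, translate directly into a dependency-inventory check. The script below is an added example written for this post, not code from Sonatype or the Log4j project. It parses output in the style of `mvn dependency:tree` (the sample tree is constructed, not a real project) and classifies every Log4j artifact it finds. The version thresholds are an assumption drawn from the post: anything older than 2.16 is flagged under the original log4shell advisory, 2.16.x is flagged for the DoS issue, and 2.17 or later is treated as carrying no issue named here.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of `mvn dependency:tree` output.
# Artifacts, versions and scopes are made up for this example.
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- org.example:svc-client:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
[INFO] \\- org.other:tool:jar:1.0:test
[INFO]    \\- org.apache.logging.log4j:log4j-core:jar:2.17.0:test
"""

# group:artifact:type:version:scope, as printed by the Maven dependency plugin.
DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+)"
    r":(?P<version>[\w.\-]+):(?P<scope>\w+)"
)
LOG4J_GROUP = "org.apache.logging.log4j"


@dataclass
class Finding:
    artifact: str
    version: str
    scope: str
    status: str


def parse_version(version: str) -> tuple:
    """Turn '2.17.0' or '2.17.0-rc1' into a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def classify(artifact: str, version: str):
    """Map a Log4j artifact and version to the advisory status discussed in the post.

    Thresholds are an assumption based on the post: it only names 2.16 and 2.17,
    so everything below 2.16 is treated as still exposed to the original advisory.
    Returns None for Log4j artifacts the post says nothing about.
    """
    if artifact == "log4j-api":
        # The API jar alone is not vulnerable to log4shell, whatever its version.
        return "not affected (log4j-api alone is not vulnerable to log4shell)"
    if artifact != "log4j-core":
        return None
    v = parse_version(version)
    if v < (2, 16, 0):
        return "CVE-2021-44228 (log4shell): upgrade log4j-core"
    if v < (2, 17, 0):
        return "CVE-2021-45105 (DoS): upgrade log4j-core to 2.17"
    return "no issue named in this post (2.17 or later)"


def scan(tree_text: str) -> list:
    """Return a Finding for every Log4j artifact in a dependency-tree listing."""
    findings = []
    for line in tree_text.splitlines():
        m = DEP_RE.search(line)
        if not m or m["group"] != LOG4J_GROUP:
            continue
        status = classify(m["artifact"], m["version"])
        if status is not None:
            findings.append(Finding(m["artifact"], m["version"], m["scope"], status))
    return findings


def actionable(findings: list) -> list:
    """Keep only findings that require an upgrade (status names a CVE)."""
    return [f for f in findings if f.status.startswith("CVE-")]


if __name__ == "__main__":
    for f in scan(SAMPLE_TREE):
        print(f"{f.artifact}:{f.version} ({f.scope}) -> {f.status}")
```

Note that the scan reports the same artifact more than once when it appears at several versions in transitive dependencies; the 2.14.1 and 2.16.0 copies of `log4j-core` in the sample both need action even though a 2.17.0 copy is also present in test scope.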

Log4shell Threat Actors Deploying Dridex Banking Malware

By now, log4shell exploits have been weaponized by all classes of threat actors, from nation-state hackers to ransomware gangs and those looking to deploy cryptomining malware.

This week, however, cybersecurity research group Cryptolaemus warns Log4shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter, as first reported by BleepingComputer.


Dridex Trojan is known for targeting online banking victims in an attempt to steal their credentials. However, later variants of the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/log4j-exploits-are-now-being-used-to-spread-dridex-banking-trojan