Researchers have discovered three backdoors and four miners exploiting the Log4Shell vulnerability, some of which are still active. According to the researchers, a “horde” of miner bots and backdoors is using the Log4Shell flaw to take over vulnerable VMware Horizon servers, and threat actors are still actively waging certain attacks.
Sophos reported on Tuesday that the remote code execution (RCE) vulnerability in Log4j, the widely used Java logging library, is being actively exploited, especially by cryptocurrency mining bots.
In addition to crypto miners, attackers are using Log4Shell to deliver backdoors that Sophos believes are initial access brokers (IABs) that could pave the way for future ransomware attacks.
Read More: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/