Hackers exploited a critical vulnerability in the Java-based Apache Log4j logging library to install hidden miners and other malware.
An exploit called Log4Shell allowed attackers to download Mirai and Muhstik malware onto devices. Later they were used to launch Kinsing cryptominers, organize large-scale DDoS attacks, or install Cobalt Strike beacons to find vulnerable servers.
The attacks identified by the experts were aimed at devices running Linux.
Trending: Smart Contracts Audits Startup Hexens Closed $4.2 M Seed Funding
"Currently, there have been no cases of exploitation of the vulnerability by ransomware or APT groups, but the fact of the deployment of Cobalt Strike beacons indicates an upcoming malicious campaign," the experts said.
Netlab 360 recommended that users update to the latest version of Log4j.
In turn, Cybereason researchers have developed a "vaccine" that disables the trustURLCodebase setting on the remote Log4j server, thereby eliminating a critical vulnerability.