“Worst Web Security Threat in a Long Time” is now being used to empty victims’ bank accounts
The Log4j vulnerability was only discovered last week, but it has already set alarm bells ringing worldwide, with the bug described as a “high risk” for the entire Internet. The critical problem was found in a Java library used by a wide range of popular services, including the Java edition of the hit game Minecraft, Apple’s iCloud service used to back up iPhone and Mac devices, and the PC gaming service Steam. Apple quickly postponed the patch for the vulnerability, while a fix has been rolled out for Minecraft – but for other affected services it could be weeks or even months before they are in the clear.
And now hackers have made the threat worse, one which an expert said has “set the Internet on fire”, by using it to spread the infamous banking malware Dridex.
This Trojan, also known as the Meterpreter, was originally developed to steal online banking credentials – which is dangerous enough in itself.
But the malware has since evolved to install other payloads, take screenshots, and even spread to other devices.
The use of Log4j to install the banking malware was exposed by the cybersecurity group Cryptolaemus, who wrote on Twitter: “We checked the distribution of Dridex 22203 on Windows via #Log4j”.
When the Log4j vulnerability was first discovered, the severity of the threat was highlighted by Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA).
Easterly, who has served in state cybersecurity roles for 20 years, said Log4j poses a “grave risk” to the entire Internet and is one of the worst threats, if not the worst, that she has seen in her career.
Easterly said, “This vulnerability, widely exploited by a growing number of threat actors, is an urgent challenge for network defenders given its widespread use.
“This vulnerability is one of the most serious I’ve seen in my entire career, if not the most serious.
“We expect the vulnerability to be widely exploited by experienced actors and we have limited time to take the steps necessary to reduce the likelihood of harm.”
Jay Gazlay of CISA’s Vulnerability Management Office added that hundreds of millions of devices are likely to be affected by the Log4j vulnerability.
Adam Meyers, of the cybersecurity firm CrowdStrike, warned: “The internet is on fire right now. People try to install patches and all kinds of people try to take advantage of it.”