Exploiting Log4Shell to provide VMware Horizon servers with backdoors, crypto…

   2022-03-29 11:03

The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers.

On Tuesday, Sophos cybersecurity researchers said the attacks were first detected in mid-January and are ongoing. In addition to backdoors and cryptocurrency miners, the attackers use scripts to collect and steal device information.



Log4Shell is a critical vulnerability in the Java logging library Apache Log4j. The unauthenticated Remote Code Execution (RCE) vulnerability was disclosed in December 2021 and is tracked as CVE-2021-44228 with a CVSS score of 10.0.

Researchers have warned that Log4Shell is likely to persist for years, especially given how easy the flaw is to exploit.

Microsoft has previously detected Log4Shell attacks carried out by state-sponsored cybercriminals, but most attacks seem to focus on cryptocurrency mining, ransomware, and so on.
