- The widespread Log4j exploit has moved on from cryptojacking to data theft, Microsoft warns
- Log4j has been making headlines over its scale and infectiousness
- Hackers were initially using it for cryptojacking
The Log4j exploit, which has had software providers and anti-virus companies alike warning about the damage it could cause, has moved from cryptojacking to data theft on infected machines. Microsoft has warned that the exploit, known formally as Log4Shell, has morphed from being used to mine cryptocurrency on infected users’ machines to stealing personal data, with providers racing to patch the vulnerability.
Log4j Attack Breadth Increasing
Microsoft announced over the weekend that its threat intelligence teams had been tracking attempts to exploit the remote code execution (RCE) vulnerability that was revealed last week. The vulnerability affects Apache Log4j, an open-source logging library commonly deployed in cloud services and enterprise software. Many applications and services written in Java are potentially vulnerable, and hackers are trying to make the most of the potential of the exploit before it is patched.
Microsoft said that cryptojacking, where attackers remotely take over a computer and use it to mine cryptocurrency, has been the most common use of the Log4j exploit, and it typically results in nothing more than slower performance on the computer in question. However, other activity Microsoft has seen from Log4j exploitation includes credential theft, lateral movement, and data exfiltration.
Users Advised to Stay Vigilant and Update ASAP
The issue for users is that the onus is on organizations to patch their systems and stay on top of the Log4j vulnerability, and individuals will have no idea which of the web services they use are protected and which are still vulnerable. Users have been advised to look out for updates from services that provide cloud-based software, install them as soon as possible, and take steps to protect themselves from cryptojacking.