Critical 'Log4J' Java flaw being used to deliver malware, crypto-miners


A critical flaw in a popularly used Java library is being exploited by malicious actors to deliver malware, while security researchers are scanning for vulnerable servers.

The flaw and a proof-of-concept exploit were publicly released on Friday, wreaking havoc across companies that use the popular Log4j Java platform. Impacted firms included Amazon, Apple, Steam, Minecraft, and many more.

According to Bleeping Computer, threat actors have been using the vulnerability to deliver crypto-miners, botnets, and penetration tools that could be used to deploy ransomware on affected systems.

There's currently no public data suggesting that ransomware gangs have used the Log4j exploit, but the deployment of the aforementioned penetration tools suggests that such attacks could be "imminent," Bleeping Computer reported.

Additionally, both threat actors and security researchers are using the exploit to scan for vulnerable servers and steal information from them. From there, scanners can determine whether a server can be used for additional attacks, research purposes, or bug bounty awards.

The flaw exists in the Log4j Java-based logging platform, which is used for web server access and application logs. Once exploited, the vulnerability could allow a remote attacker to perform code execution or otherwise take control of a vulnerable server.

Since Log4j is used in thousands of websites and enterprise apps, security researchers are concerned that it could lead to widespread malware attacks and deployments.

Apache quickly patched its systems to mitigate the vulnerability.

Who's at risk, and how to protect yourself

Although the vulnerability appears to be wreaking havoc on Friday, the effects are mostly being felt in the enterprise sector. In other words, it's not up to end users to defend themselves against the vulnerability.

Engineers posting in the programming subreddit suggested that major technology companies like Amazon have been working to fix the problem since late Thursday night. AppleInsider has learned that the work continued through the weekend at Amazon and others, and some companies are still implementing patches and workarounds.