Log4j vulnerability now used to install Dridex banking malware (Security News, December 2021)
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.
The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims.
Today, the cybersecurity research group Cryptolaemus warned that the Log4j vulnerability is now exploited to infect Windows devices with the Dridex Trojan and Linux devices with Meterpreter.
When executed, the Java class first attempts to download and launch an HTA file from several URLs; that HTA file installs the Dridex trojan.
The VBS file acts as the main downloader for Dridex and has been seen previously in other Dridex email campaigns.
With Log4j exploited by threat actors to install a wide range of malware, it comes as no surprise that the more active malware operations would begin to target the vulnerability.
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
- New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers