
Banking Trojan Dridex Exploits Log4j Vulnerability


The number of known Log4j malware examples and correspondingly documented attacks is currently increasing at a rapid pace. Now an old banking Trojan is back – it too makes use of the vulnerability in the Java library.

This emerges from recent media reports about new waves of attacks worldwide. The security vulnerability CVE-2021-44228, also known as Log4j2, has caught authorities and companies off guard. Although a security update has long been available, many systems remain unpatched, so attackers only need to search for vulnerable systems.

Threat actors are now also using the critical Log4j vulnerability to infect vulnerable devices with the infamous banking Trojan Dridex, also known as Bugat or Cridex. The cybersecurity research group Cryptolaemus warns that Log4j is being exploited to infect Windows devices with Dridex and Linux devices with Meterpreter. Both act similarly.

Worm-like spread of the malware

Dridex malware is a banking Trojan that steals online banking credentials. Over time, however, the malware has evolved to the point where it downloads various modules that in turn install additional malware, spread the infection like a worm, capture and send screenshots of the desktop, and so on.

Dridex infections are also known to lead to ransomware attacks believed to be linked to the hacker group Evil Corp; these include BitPaymer and DoppelPaymer. With Log4j currently being exploited by many threat actors to install a wide range of malware, it is not surprising that well-known cybercriminals are also involved. Businesses are strongly advised to look for any vulnerable applications that are using Log4j and update them to the latest versions.
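One way to carry out the check recommended above, as an added example that is not part of the article: a Python script that walks a directory for jar files and flags log4j-core builds in the CVE-2021-44228 range by reading the jar's own Maven metadata and checking whether the JndiLookup class is still present. The jar paths are the real log4j-core layout; the sample jar is constructed in memory so the script runs offline.

```python
"""Flag log4j-core jars in the CVE-2021-44228 range (added example; fixture is constructed)."""
import io, re, zipfile
from pathlib import Path

# Real paths inside a log4j-core jar: the JNDI lookup class the vulnerability
# abuses, and the Maven properties file that records the build version.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # 2.15.0 disabled message lookups for CVE-2021-44228

def parse_version(text):
    """Read the 'version=' line of pom.properties as an int tuple, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    return tuple(int(x) for x in m.groups()) if m else None

def assess_jar(jar):
    """Return (version, vulnerable); version is None unless jar is log4j-core.

    Flagged when JndiLookup.class is present and the version is below 2.15.0 or
    unparseable (e.g. a beta build), so unknowns err towards being reported.
    A jar with the class removed (the documented mitigation) is not flagged."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if POM_PROPS not in names:
            return None, False
        version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
    vulnerable = JNDI_CLASS in names and (version is None or version < FIXED)
    return version, vulnerable

def scan_tree(root):
    """Walk a directory tree; map each log4j-core jar path to its assessment."""
    findings = {}
    for jar in Path(root).rglob("*.jar"):
        try:
            version, vulnerable = assess_jar(jar)
        except zipfile.BadZipFile:
            continue  # not a real jar
        if version is not None or vulnerable:
            findings[str(jar)] = (version, vulnerable)
    return findings

def make_sample_jar(version, include_jndi=True):
    """Constructed fixture: a minimal zip mimicking a log4j-core jar's layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
    buf.seek(0)
    return buf
```

Point `scan_tree` at an application's install directory to list every log4j-core jar found and whether it needs updating; jars that embed log4j inside another jar (fat jars) are not unpacked by this script.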