Malicious actors have been exploiting the widespread Log4Shell vulnerability (CVE-2021-44228) to infect vulnerable VMware Horizon servers with backdoors and cryptominers, reports Threatpost.
While VMware has already issued fixes for the flaw in Horizon servers, many organizations may still not have applied the patched versions or the provided remediations, a Sophos report revealed.
"Attempts to compromise Horizon servers are among the more targeted exploits of Log4Shell vulnerabilities because of their nature," said Sophos, which noted that attacks on Horizon via Log4j have continued since the surge that began on Jan. 19.
Researchers discovered that the miners deployed on Horizon servers included z0Miner and the JavaX miner, as well as the Mimu and Jin variants of the open-source XMRig cryptominer. Attackers have also dropped implants of the Sliver command-and-control framework and the legitimate remote-administration tools Atera and Splashtop Streamer as backdoor payloads, and have deployed two different types of reverse shell.
The findings should prompt organizations to adopt self-training machine learning models to identify exploitation of software vulnerabilities, according to Gurucul founder and CEO Saryu Nayyar.