Khonsari ransomware targeting Minecraft servers by exploiting a Log4Shell bug, Microsoft confirmed

Microsoft reported on Wednesday that threat actors are exploiting a critical security vulnerability in Log4jShell to deliver a new family of ransomware called Khonsari on self-hosted Minecraft servers.

A Redmond-based software giant said in an update to its security bug blog post that it could see the findings of cybersecurity firm Bitdefender, which revealed the existence of a new conservative ransomware stock earlier this week.

Bitdefender said it has observed multiple attempts by attackers to deploy the Khonsari ransomware payload that exploits the Log4jShell bug to attack Windows machines.

“Your files were encrypted and stolen by the Khonsari family,” Bitdefender said, a Khonsari operative wrote in a ransom note.

“If you want to decrypt, please call (***) ***-1309 or send an email to kar *** If you don’t know how to buy btc [Bitcoin], Use a search engine to search for exchanges. Do not modify or delete this file or the encrypted file. If you do, the file may become unrecoverable. “

For Minecraft servers not hosted by Microsoft, Microsoft states that threat actors are sending malicious in-game messages to vulnerable servers. These malicious messages later exploit a Log4Shell bug to retrieve and execute the malicious payload on both the vulnerable server and the vulnerable client connected.

The attacker packages the Khonsari ransomware as a malicious Java class file. This file runs in the context of javaw.exe and receives the device as a ransom.

“Microsoft Defender antivirus data has observed such a small number of cases. [ransomware] It is launched from a compromised Minecraft client connected to a modified Minecraft server running a vulnerable version of Log4j2 using a third-party Minecraft mods loader, “Microsoft said.

The company is currently advising all Minecraft server administrators to install the latest updates immediately to protect against these attacks. Players are only required to pay attention by connecting to a trusted Minecraft server.

Last week, Mojang Studios, the video game developer behind Minecraft, released an emergency security update to address the Log4jShell vulnerability in the Apache Log4jJava logging library used by the game’s Java Edition client and multiplayer servers.

“If you’re running a multiplayer server, we highly recommend upgrading to this version as soon as possible,” said the advisory.

Log4jShell, tracked as CVE-2021-44228, was published last week.

According to researchers, this bug exists in the Apache Log4j Java logging library and is a very dangerous, widespread and vulnerable bug.

reference: Another JavaLog4j vulnerability was discovered

This flaw has been tracked as CVE-2021-44228, which could allow an attacker to execute malicious code in a Java application.

This vulnerability is triggered when a specially crafted string provided by an attacker via a variety of different input vectors is parsed and processed by a vulnerable component of Log4j.

This bug poses a serious danger both due to the widespread use of Log4j and the ease with which such attacks can be carried out.

Security company Checkpoint researchers said this week they saw Iran’s hacking group APT35 exploiting CVE-2021-44228 to target seven entities in the Israeli government and the corporate sector.

“Reports over the past 48 hours prove that both criminal hacking groups and nation-state attackers are engaged in investigating this vulnerability, and further operations by such attackers will occur in the coming days. We have to assume that it will be clear, “says the researchers.

Khonsari ransomware targeting Minecraft servers by exploiting a Log4Shell bug, Microsoft confirmed

Source link Khonsari ransomware targeting Minecraft servers by exploiting a Log4Shell bug, Microsoft confirmed

Back to top button