Date: 2021-12-12

Cybercriminals are now taking advantage of an exploit that affects millions of devices around the world through popular web services.

Researchers have discovered that a major vulnerability is being exploited right now, one that can put hundreds of popular services across the Internet at risk. This is bad news for businesses and users, who must act quickly.

Small and large companies are patching a vulnerability called Log4Shell, which can allow hackers to compromise millions of devices through very popular services from companies like Apple, Valve and Cloudflare, or through popular games like Minecraft.

However, there are already indications that various cybercriminals are exploiting this vulnerability, which allows remote code execution on vulnerable servers and thus gives them the ability to load malware that would compromise user devices.

The vulnerability was originally discovered by Chen Zhaojun of the Alibaba Cloud Security Team, and is located in log4j, an open source logging library used in well-known Internet applications and services. A log is where applications and services keep a list of the activities they have carried out.

The problem is that almost all network security systems perform some type of logging, so this type of library is very widely deployed across the network.

The vulnerability is so significant that Marcus Hutchins, one of the security researchers responsible for stopping the global WannaCry malware attack, has pointed out that this new vulnerability will affect millions of applications.

This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable. – Marcus Hutchins (@MalwareTechBlog) December 10, 2021

This exploit was first seen on sites hosting servers for Minecraft, a popular video game for consoles and computers. They found that attackers were able to trigger this vulnerability by posting messages in chat.

The security company LunaSec, for its part, states that gaming platforms like Steam or even Apple’s iCloud are already vulnerable to this exploit.

For this vulnerability to be exploited, the cybercriminal has to make the application save a special string of characters in the log. This is not complicated, since the application routinely saves a wide range of events in the log, such as messages sent between users, or even details of system errors.

Meanwhile, Cloudflare’s CTO, John Graham-Cumming, has told The Verge that, looking back over the last 10 years, “there are only two other exploits you can think of in similar severity”.

He is referring both to Heartbleed, which allowed information to be obtained from servers that should have been safe, and to Shellshock, which allowed code to be executed on a remote machine.

It should be noted that an update to the log4j library has already been released to mitigate this vulnerability, but due to the huge number of vulnerable machines, the update process can take a long time, putting millions of devices around the world at risk.