An Akamai researcher has discovered an attempt to use Log4j vulnerabilities in ZyXEL networking devices to “infect and assist in the proliferation of malware used by the Mirai botnet.”
Larry Cashdollar, a member of the Security Incident Response Team at Akamai Technologies, explained that Zyxel may have been specifically targeted because they published a blog noting they were impacted by the Log4j vulnerability.
“The first sample I examined contained functions to scan for other vulnerable devices,” Cashdollar wrote in an Akamai blog post.
“The second sample… did contain the standard Mirai attack functions,” he added. “It appears the… attack vectors had been removed in favor of Log4j exploitation. Based on the attack function names and their instructions, I believe this sample is part of the Mirai malware family.”
Cashdollar concluded his blog post by writing that “if you have automated string extraction utilities for malware samples that log to a vulnerable Log4j instance, this payload could execute.”
Zyxel released a security advisory about the issue, noting that it is aware of the vulnerability and that it only affects the NetAtlas Element Management System line of products.
“After a thorough investigation, we’ve identified only one vulnerable product that is within its warranty and