Microsoft Defender Antivirus detects and removes this threat.

This threat represents a cryptocurrency mining payload associated with post exploitation of the remote code execution vulnerability, CVE-2021-44228 (also referred to as “Log4Shell”), in the Log4j component of Apache. This vulnerability affects Java-based applications that use Log4j 2.

Attackers gain access to the target device and launch arbitrary remote code loaded from LDAP servers, which are logged and launched by the Log4j component. This can allow attackers to install cryptocurrency miners on a target device. 

Read the following blogs for more information: 

• Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

• Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Microsoft Defender Antivirus detects and removes this threat.

This threat represents a cryptocurrency mining payload associated with post exploitation of the remote code execution vulnerability, CVE-2021-44228 (also referred to as “Log4Shell”), in the Log4j component of Apache. This vulnerability affects Java-based applications that use Log4j 2.

Attackers gain access to the target device and launch arbitrary remote code loaded from LDAP servers, which are logged and launched by the Log4j component. This can allow attackers to install cryptocurrency miners on a target device. 

Read the following blogs for more information:

• Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

• Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Microsoft Defender Antivirus detects and removes this threat. 

This threat downloads and installs other programs, including other malware, onto your PC without your consent. 

Learn more about this type of threat: Invisible resource thieves: The increasing threat of cryptocurrency miners