Security researchers have spotted several instances of threat actors exploiting the Apache Log4j vulnerability. The vulnerability, tracked as CVE-2021-44228 and detected in the Java logging library, can result in full server takeover and leaves countless applications vulnerable. Malware research organization vx-underground on Monday shared a list of malware abusing the vulnerability. There is evidence that a worm will be developed soon that will self-propagate with the ability to stand up a self-hosted server on compromised endpoints.”]
Source: https://www.cuinfosecurity.com/already-compromised-by-apache-log4j-check-before-you-patch-a-18116