Sysdig’s Threat Research Team (Sysdig TRT) detected a new attack, dubbed proxyjacking, that leveraged the Log4j vulnerability for initial access. The attackers then sell the victim’s IP addresses to proxyware services for profit. While Log4j attacks are common, the payload used in this case was uncommon. Instead of the typical cryptojacking or backdoor payload, Sysdig TRT witnessed the attacker installing an agent which turned the compromised account into a proxy server, allowing the attacker to sell the IP to a proxyware service and collect the profit.