Watch out for the new Cryptojacking and DDoS Hybrid Malware "Lucifer"


Threat hunters from Palo Alto Networks' UNIT 42 have announced a new hybrid cryptojacking and DDoS malware.

UNIT 42 researchers first spotted this cryptojacking malware on May 29 and named it "Lucifer". The malware exploits high- and critical-severity vulnerabilities in devices running the Windows operating system.

The malware is also capable of carrying out DDoS attacks and targets vulnerable Windows hosts. The first wave of the attack began on June 10 and continued on June 11 with a new, updated version of the malware. The activity was captured by Palo Alto Networks' next-generation firewall, but at the time UNIT 42 published its findings the attack was still ongoing.

UNIT 42 writes:

Lucifer is quite powerful in its capabilities. Not only is it capable of dropping XMRig for cryptojacking Monero, it’s also capable of command and control (C2) operation and self-propagation through the exploitation of multiple vulnerabilities and credential brute-forcing.

Lucifer also runs EternalBlue, EternalRomance and DoublePulsar backdoor against vulnerable targets.

Complete list:

  • CVE-2014-6287
  • CVE-2018-1000861
  • CVE-2017-10271
  • ThinkPHP RCE vulnerabilities (CVE-2018-20062)
  • CVE-2018-7600
  • CVE-2017-9791
  • CVE-2019-9081
  • PHPStudy Backdoor RCE
  • CVE-2017-0144
  • CVE-2017-0145
  • CVE-2017-8464

These vulnerabilities have either “high” or “critical” ratings due to their trivial-to-exploit nature and their tremendous impact inflicted on the victim.

writes UNIT 42.

After successful exploitation, the attacker can execute arbitrary commands on the vulnerable device.

Read UNIT 42's detailed analysis of the Lucifer malware here.
