A new botnet has been exploiting numerous critical vulnerabilities in Windows systems, turning the infected machines into cryptocurrency miners and also using them to take part in DDoS attacks.
Security researchers have named the malware behind the botnet Satan DDoS, but most of them refer to it as Lucifer, since there is already ransomware called Satan and they want to avoid confusion about which is which.
What Is The Lucifer Malware?
Unit 42 of Palo Alto Networks started to look into the botnet after its security researchers found it while investigating a few incidents involving the exploitation of a critical vulnerability in the Laravel web framework that could lead to remote code execution.
At first, the Lucifer malware was believed to be used only to turn infected systems into Monero cryptocurrency miners. After a while, though, it became clear that the malware also had a DDoS function and spread itself to other systems.
How did it spread to other systems? It used brute-forcing as well as multiple highly critical vulnerabilities to its advantage.
A Deeper Look Into The Lucifer Malware
Unit 42 wrote a blog post that gave more details on everything that the Lucifer malware could do and how powerful it truly is.
According to the blog post, Lucifer has powerful capabilities. It can drop XMRig to cryptojack for Monero. It also has command-and-control functionality, and it self-propagates by exploiting many vulnerabilities and brute-forcing credentials.
The Lucifer malware can also drop and run the DoublePulsar, EternalRomance, and EternalBlue backdoors against vulnerable systems so that it can infect other systems on the same network.
Lucifer's operators have crafted exploits for almost a dozen individual vulnerabilities, all of which have already been fixed. However, cybercriminals usually take advantage of older vulnerabilities so they can target users who have not yet applied the latest updates and patches to their systems.
The latest version of the Lucifer malware comes with an anti-analysis feature that checks the user name and computer name of the infected machine before it carries out its mission. If it finds a name that matches a known analysis environment, it stops in its tracks.
If you want to protect yourself from the Lucifer malware, businesses and individuals should keep their systems and software updated. A strong password also helps significantly, since it makes brute-forcing your credentials much more difficult for cybercriminals.
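Because Lucifer spreads partly by brute-forcing credentials, one practical defensive check is to watch authentication logs for bursts of failed logons from a single source, especially when a success follows the burst (a sign that a weak password was guessed). The following detector is an added example, not code from the article or from Unit 42's report. The log format and the log lines are constructed for illustration; a real deployment would swap the regex for one matching Windows event 4625/4624 records or syslog "Failed password" lines. The threshold and window values are assumptions and should be tuned to the environment.

```python
"""Flag password brute-forcing in authentication logs (added example).

Log format assumed here (constructed, not a real product format):
    <ISO-8601 timestamp> <OK|FAIL> user=<account> src=<source IP>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one noisy brute-force source, one legitimate
# typo, one slow source that should stay below the default threshold,
# and one malformed line that the parser must skip.
SAMPLE_LOG = """\
2020-06-24T10:00:01 FAIL user=administrator src=203.0.113.7
2020-06-24T10:00:03 FAIL user=administrator src=203.0.113.7
2020-06-24T10:00:06 FAIL user=administrator src=203.0.113.7
2020-06-24T10:00:09 FAIL user=admin src=203.0.113.7
2020-06-24T10:00:12 FAIL user=admin src=203.0.113.7
2020-06-24T10:00:15 FAIL user=admin src=203.0.113.7
2020-06-24T10:00:20 OK user=admin src=203.0.113.7
2020-06-24T10:05:00 FAIL user=bob src=198.51.100.9
2020-06-24T10:05:30 OK user=bob src=198.51.100.9
2020-06-24T10:10:00 FAIL user=guest src=192.0.2.5
2020-06-24T10:11:30 FAIL user=guest src=192.0.2.5
2020-06-24T10:13:00 FAIL user=guest src=192.0.2.5
2020-06-24T10:14:30 FAIL user=guest src=192.0.2.5
2020-06-24T10:16:00 FAIL user=guest src=192.0.2.5
this line is garbage and must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_lines(text):
    """Return a list of (timestamp, result, user, src) tuples, skipping lines
    that do not match the expected format instead of crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["result"],
                       m["user"], m["src"]))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {src: details} for every source that produced at least
    `threshold` failed logons inside any sliding `window` of time.

    details = {"failures": total FAIL count for that source,
               "users": sorted accounts tried within the tripping window,
               "success_after_burst": True if the source later logged in OK}
    """
    by_src = defaultdict(list)
    for ts, result, user, src in sorted(events):  # chronological order
        by_src[src].append((ts, result, user))

    alerts = {}
    for src, evs in by_src.items():
        fails = [(ts, user) for ts, result, user in evs if result == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end][0]
                alerts[src] = {
                    "failures": len(fails),
                    "users": sorted({u for _, u in fails[start:end + 1]}),
                    # A success from the same source after the burst is the
                    # strongest signal that a credential was actually guessed.
                    "success_after_burst": any(
                        r == "OK" and ts >= burst_end for ts, r, _ in evs
                    ),
                }
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, info in find_bruteforce(parse_lines(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info}")
```

With the defaults (5 failures within 60 seconds) only 203.0.113.7 is flagged, and its `success_after_burst` flag is set because the `admin` logon succeeded right after the burst; the slow source 192.0.2.5 only trips the detector if the window is widened, which is the usual trade-off between catching low-and-slow guessing and tolerating ordinary typos.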
Researchers at Palo Alto's Unit 42 team analyse Lucifer, a cryptominer-DDoS malware hybrid https://t.co/I4fKJ4vOjU — Virus Bulletin (@virusbtn), June 25, 2020