A new self-propagating malware called ‘Lucifer’ launches cryptojacking and DDoS attacks against Windows systems to mine Monero.
On June 24, security experts from Palo Alto Networks’ Unit 42 warned about malware that operates under the name “Lucifer”.
Not today Lucifer, not today: We discovered a new cryptojacking / #DDoS hybrid malware equipped with a variety of exploits that we've named "Lucifer." Learn how to protect yourself here: https://t.co/Q6m2H1YRNw — Unit 42 (@Unit42_Intel) June 24, 2020
Lucifer is a hybrid of cryptojacking and DDoS malware that leverages old vulnerabilities on the Windows platform.
According to the study, after breaching the security infrastructure, attackers execute commands that launch DDoS attacks.
This allows them to install XMRig Miner, a Monero (XMR) mining app, to launch cryptojacking attacks.
Palo Alto Networks claims that a related Monero wallet has received 0.493527 XMR so far, which is approximately $32 at the time of publication.
The researchers provided some recommendations for defending against the Lucifer malware:
“Applying the updates and patches to the affected software are strongly advised. The vulnerable software includes Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows. Strong passwords are also encouraged to prevent dictionary attacks.”