Monday, August 10, 2020
New Variant of Lucifer Malware is Targeting Windows
6/26/2020 11:57:40 AM

Researchers from Palo Alto Networks’ Unit 42 division detected a new malware called “Lucifer” that carries numerous exploits and is used for crypto mining and distributed denial-of-service (DDoS) attacks on machines running the Windows OS.

Lucifer was identified as self-propagating malware that first bombards PCs in hopes of finding exploitable vulnerabilities, then capitalizes on lists of unpatched vulnerabilities to take control of its targets’ systems.

Lucifer has been found to target vulnerabilities in Rejetto HTTP File Server, Oracle WebLogic, ThinkPHP (RCE), Apache Struts, and the Laravel Framework, as well as Microsoft Windows CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464.

Ken Hsu, a senior security researcher at Unit 42 for Palo Alto Networks, explained that Lucifer has been successful in infecting systems in the Asia-Pacific region.

"Because it's able to monetize its attacks, as well as establish a command-and-control operation, it appeals to a wide variety of attackers. The number of alerts we observed suggests that companies should step up their security measures, not just via patching software but also by strengthening security policy and compliance, [such as] password strengthening," said Hsu.

Unit 42 researchers also warned that there are two strains of Lucifer: the first version performs cryptojacking, DDoS attacks, credential brute-forcing, and self-propagation, while the second adds anti-sandbox and anti-debugger functionality.

Hsu advised companies to keep systems up to date, implement strong password policies, and have threat intelligence to adapt to the latest attacks.

Article © - All Rights Reserved. Provided by FeedSyndicate