Lucifer Malware Emerges As New Threat To Windows Devices


A new malware dubbed ‘Lucifer’ (or Satan) is actively targeting Windows systems. This malware exploits various vulnerabilities in the system to infect target devices.

Lucifer Malware Targeting Windows

Researchers from Palo Alto Networks’ Unit 42 division have found an active campaign of new malware in the wild. Dubbed ‘Satan’ by the threat actors and ‘Lucifer’ by the researchers, this malware exploits known bugs to infect Windows machines.

Sharing the details in a post, the researchers explained that they caught two strains of Lucifer while analyzing the campaign. Their functionality is largely the same, with version 2 being the more advanced of the two.

Briefly, Lucifer aims at cryptojacking, by dropping the XMRig miner on target devices, and at DDoS attacks. Beyond that, the two versions differ slightly in their other functionality.

Lucifer v.1 performs cryptojacking, DDoS attacks, credential brute-forcing, and self-propagation. Lucifer v.2 has all of these capabilities and additionally exhibits anti-sandbox and anti-debugger functionality.

Also, under certain circumstances, the malware drops the EternalBlue, EternalRomance, and DoublePulsar backdoors for propagation.

Both Lucifer variants exploit known security flaws in Windows systems to infect target machines. These flaws include CVE-2014-6287, CVE-2017-10271, CVE-2017-9791, PHPStudy Backdoor RCE, CVE-2017-0144, CVE-2017-0145, CVE-2017-8464, CVE-2018-7600, CVE-2018-1000861, ThinkPHP RCE vulnerabilities (CVE-2018-20062), and CVE-2019-9081.

Malware Campaign In The Wild

The researchers confirmed that they observed two different campaigns involving the malware in the wild. They first spotted an active campaign on May 29, 2020, which ended on June 10, 2020.

The second campaign, using the more advanced variant, began on June 11, 2020 and is still active.

Regarding the vulnerable software, they stated:

The vulnerable software includes Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows.

Since all the vulnerabilities the campaign exploits are already known, the researchers urged users to keep their devices up to date. They also advise setting strong passwords to prevent dictionary attacks.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
