Lucifer malware emerged a couple of months ago as a typical Windows malware. However, it has now returned with even more power. Researchers have found the new Lucifer malware variants capable to target Linux systems.
Lucifer Malware Targeting Linux
Reportedly, researchers from NETSCOUT have found new variants of Lucifer malware that can target Linux devices. Sharing the details in a blog post, the researcher revealed that the new Lucifer strains exhibit more malicious functionalities.
While the Windows Lucifer versions limited themselves to cryptomining, the new ones can even steal credentials. For this, Lucifer leverages MIMIKATZ. This capability is in addition to the cryptomining and DDoS capabilities that resemble the Windows version.
Besides MIMIKATZ, the Linux version of Lucifer also supports TCP, UCP, ICMP, and HTTP-based DDoS attacks.
In brief, they discovered the new Linux Lucifer version while looking for additional samples. They found numerous similarities between the Linux and Windows versions. For instance, the same welcome message, use of the same C&C server, and same DDoS functionalities.
However, the Linux version is more advanced in terms of the DDoS attacks it can conduct. As stated by the researchers,
To date, the Lucifer bot variants we’ve analyzed appear to be capable of standard ICMP-, TCP- and UDP-based flooding attacks, including the ability to spoof the source IPs of attack packets. Additionally, Lucifer supports HTTP application-layer attacks, including basic HTTP GET- and POST-floods, as well as multiple versions of HTTP ‘CC’ DDoS attacks.
Categorically, the Linux version of Lucifer can conduct volumetric DDoS, state exhaustion DDoS, or app-level DDoS attacks.
Requires Extra Efforts To Fend Off
The Linux version of Lucifer is far more potent than its Windows counterpart. Hence, while the cybersecurity community can significantly combat this malware, it still requires lots of effort for a thorough defeat.
Moreover, the malware’s capability to infect Linux systems also makes it a threat to IoT devices. According to the researchers,
As IoT devices are almost always based on various Linux distributions, it would not be a huge stretch to see Lucifer recompiled to run on IoT-based devices and include common IoT vulnerabilities as an infection method. We anticipate seeing the number of Linux and cross-platform bots such as Lucifer grow in the future.
Let us know your thoughts in the comments.