This new botnet has recruited an army of Windows devices

A new botnet exploits nearly a dozen high- and critical-severity vulnerabilities in Windows systems to turn them into cryptomining clients and to launch DDoS attacks. The malware behind the botnet was given the name Satan DDoS by its authors, although security researchers chose the name Lucifer to avoid confusion with the Satan ransomware. Palo Alto Networks Unit 42 began studying the botnet after its researchers discovered it while following multiple incidents involving the exploitation of a critical vulnerability in a component of the Laravel web framework that can lead to remote code execution. At first, the Lucifer malware appeared to be intended only for mining the Monero cryptocurrency. However, it later became apparent that the malware also contains a DDoS component, as well as a self-propagation mechanism that takes advantage of severe vulnerabilities and credential brute forcing.

The Lucifer malware

In a blog post, Unit 42 provided additional details about the power of the Lucifer malware, saying: "Lucifer is quite powerful in its abilities. Not only is it capable of dropping XMRig for Monero cryptojacking, it is also capable of command and control (C2) operation and self-propagation by exploiting multiple vulnerabilities and credential brute forcing. In addition, it drops and runs the EternalBlue, EternalRomance and DoublePulsar backdoor against vulnerable targets for intranet infections."

The operators behind Lucifer have used exploits for 11 different vulnerabilities, all of which have since been patched. However, cybercriminals often exploit old vulnerabilities to attack users who have not yet patched their systems. The latest version of the botnet malware also includes an anti-analysis check: it verifies the username and computer name of an infected machine before performing its operations, and if the names match those of known analysis environments, the malware stops.

To protect against Lucifer, businesses and individuals must keep their software up to date with the latest patches and use strong passwords.

Via BleepingComputer