Cybersecurity researchers have uncovered a new threat that has been dubbed Lucifer Malware. Lucifer is not an uncommon name for threats, but it is important to note that the Lucifer Malware is not related in any way to the Lucifer Banking Trojan, which made headlines back in 2019. The goal of the Lucifer Malware is to hijack the resources of a targeted system to use it to deploy DDoS (Distributed-Denial-of-Service) attacks. According to security experts, the Lucifer Malware also may deploy a cryptomining Trojan on the infected host.
This Week In Malware Ep 12: Lucifer Malware Attacking PCs via Cryptojacking and DDoS Attacks
The authors of the Lucifer Malware have created a list of known vulnerabilities found in outdated Web-based software versions to distribute their threat. This includes Apache Struts, ThinkPHP, Oracle Weblogic and HTTP File Server. The creators of the Lucifer Malware have automated the process of seeking systems that are vulnerable by using a script. When the Lucifer Malware detects a system that matches its criteria, it will attempt to use one of the known vulnerabilities to compromise the target. If this process is executed successfully, the Lucifer Malware would be deployed on the targeted host.
When the Lucifer Malware infects a host, it will connect to the C&C (Command & Control) server of its operators immediately. Next, the Lucifer Malware would fetch the configurations it requires to run from the C&C server properly. The cryptomining module of the Lucifer Malware has not been a great success. This module has helped the attackers generate 0.493527 XMR only, which is $32 approximately.
The Lucifer Malware's authors have integrated some modules that allow the implant to spread laterally once it infiltrates a network successfully. It makes use of the well-known DoublePulsar, EternalRomance, and EternalBlue vulnerabilities that focus on exploiting Windows' SMB (Server Message Block) service.
The Lucifer Malware is an interesting threat that uses brutish methods in regards to the infection vector utilized in the distribution of the hacking tool and more advanced techniques like the exploitations of the SMB service. You should protect your system and networks by installing a genuine, modern anti-malware solution.