A malware called “Lucifer” is targeting old vulnerabilities in Windows systems to install a well-known Monero mining application.
On June 24, security experts from Palo Alto Networks’ Unit 42 warned about a new self-propagating malware that launches cryptojacking and DDoS attacks against Windows systems. The software operates under the name “Lucifer”.
According to the study, Lucifer is a hybrid of cryptojacking and DDoS malware that leverages old vulnerabilities on the Windows platform.
After breaching a system's security, attackers execute commands that launch DDoS attacks. This allows them to install XMRig Miner, a well-known Monero (XMR) mining app, to launch cryptojacking attacks.
Palo Alto Networks claims that a related Monero wallet has received 0.493527 XMR so far. That converts to approximately $32 as of press time.
Preventing this “diabolical” attack
The researchers behind the study provided some recommendations for avoiding the Lucifer malware:
“Applying the updates and patches to the affected software are strongly advised. The vulnerable software includes Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows. Strong passwords are also encouraged to prevent dictionary attacks.”
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL Server databases to mine Monero at some point in the second week of June.
Cointelegraph recently reported on an attack which hijacks machine learning clusters on Microsoft’s Azure cloud computing network to mine Monero.