Lucifer Malware Leverages Windows Vulnerabilities for Cryptomining and DDoS Attacks
Cryptomining has become a popular way for threat actors to generate revenue, and many of them run illegitimate mining on their victims' infrastructure, often alongside other malicious activity. A recently discovered piece of malware, Lucifer, targets victims for both cryptomining and DDoS attacks.
The Campaign
Palo Alto Networks' Unit 42 team reported that it identified two versions of the Lucifer malware, both of which exploit known vulnerabilities to infiltrate target systems and carry out malicious activity on them.
- Lucifer is a self-propagating hybrid malware: it exploits known vulnerabilities to spread, and then uses the compromised hosts for cryptojacking and distributed denial-of-service (DDoS) attacks.
- The vulnerabilities it targets are in Rejetto HTTP File Server (CVE-2014-6287), Microsoft Windows (CVE-2017-0144, CVE-2017-0145 and CVE-2017-8464), Oracle WebLogic (CVE-2017-10271), Apache Struts (CVE-2017-9791), ThinkPHP (CVE-2018-20062, a remote code execution flaw) and the Laravel framework (CVE-2019-9081). All of these have had patches available for years.
- Lucifer also brute-forces credentials on exposed services. On a compromised host it drops the XMRig miner to mine Monero, and it uses the EternalBlue and EternalRomance exploits together with the DoublePulsar backdoor against vulnerable hosts to spread across the internal network.
Cryptojacking Campaigns
Cryptojacking is on the rise, and attackers frequently use it to turn compromised computing resources into cryptomining capacity.
- Blue Mockingbird, a Monero-mining campaign reported in May 2020, exploited a deserialization vulnerability (CVE-2019-18935) in unpatched versions of Telerik UI for ASP.NET AJAX and deployed the XMRig payload as a dynamic-link library on Windows systems.
- The VictoryGate botnet propagated through USB drives and deployed an AutoIt-compiled loader that ran XMRig on infected machines for cryptomining.
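Both the Lucifer campaign and the Blue Mockingbird and VictoryGate campaigns above end with the open-source XMRig miner running on the victim. What a defender can look for, independent of any one campaign, is the shape of an XMRig launch: a Stratum pool URL, the default binary name, XMRig-specific long options that survive a rename of the binary, and a Monero wallet address (95 base58 characters starting with 4 or 8). The following is an added example, not code from the original article or from Unit 42; the log format, host names, pool host and wallet string are all constructed for the example, and the indicator set is generic XMRig behaviour rather than published Lucifer indicators.

```python
from __future__ import annotations
import re

# Added example (not from the original article or from Unit 42). Indicators are generic
# to the open-source XMRig miner; log format and sample values below are constructed.

# Mining pools are almost always reached over the Stratum protocol.
POOL_URL = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d+", re.IGNORECASE)
# The miner binary under its default name, as a path component or a bare token.
MINER_BINARY = re.compile(r'(?:^|[\\/\s"])xmrig(?:\.exe)?(?=[\s"]|$)', re.IGNORECASE)
# Long options specific to XMRig; these still show up when the binary has been renamed.
MINER_FLAGS = ("--donate-level", "--coin", "--algo", "--rig-id", "--cpu-priority", "--nicehash")
# Standard Monero addresses: 95 base58 characters, starting with 4 (8 for subaddresses).
XMR_ADDRESS = re.compile(
    r"(?<![1-9A-HJ-NP-Za-km-z])[48][1-9A-HJ-NP-Za-km-z]{94}(?![1-9A-HJ-NP-Za-km-z])"
)

# Constructed process-creation record layout: "<timestamp> host=<h> user=<u> cmd=<command line>"
LOG_LINE = re.compile(r"host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")


def miner_indicators(cmdline: str) -> list[str]:
    """Return the names of the XMRig indicators present in one command line."""
    hits = []
    if POOL_URL.search(cmdline):
        hits.append("stratum pool URL")
    if MINER_BINARY.search(cmdline):
        hits.append("xmrig binary name")
    lowered = cmdline.lower()
    if any(flag in lowered for flag in MINER_FLAGS):
        hits.append("xmrig command-line option")
    if XMR_ADDRESS.search(cmdline):
        hits.append("Monero wallet address")
    return hits


def scan_process_log(lines: list[str]) -> list[dict]:
    """Return one finding per log line that carries at least one miner indicator."""
    findings = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a process-creation record in the expected layout
        hits = miner_indicators(m.group("cmd"))
        if hits:
            findings.append({"host": m.group("host"), "user": m.group("user"),
                             "command": m.group("cmd"), "indicators": hits})
    return findings


# Constructed sample records. FAKE_WALLET only has the shape of a Monero address.
FAKE_WALLET = "4" + "Ab1" * 31 + "c"   # 95 base58 characters
SAMPLE_LOG = [
    '2020-06-01T10:00:00Z host=ws01 user=alice cmd="C:\\Program Files\\Mozilla Firefox\\firefox.exe" -url https://example.com',
    "2020-06-01T10:02:13Z host=web02 user=SYSTEM cmd=C:\\Users\\Public\\xmrig.exe -o stratum+tcp://pool.example.invalid:3333 -u " + FAKE_WALLET + " -p x --donate-level=1",
    "2020-06-01T10:05:41Z host=web03 user=SYSTEM cmd=C:\\Windows\\Temp\\svchost32.exe -o stratum+ssl://pool.example.invalid:443 --coin monero --cpu-priority 5",
    "2020-06-01T10:06:00Z host=ws01 user=alice cmd=C:\\Windows\\System32\\svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for f in scan_process_log(SAMPLE_LOG):
        print(f"{f['host']} ({f['user']}): {', '.join(f['indicators'])}")
```

The third sample record is the case worth noting: the binary has been renamed to look like a Windows service host, so a rule keyed only on the name `xmrig.exe` misses it, while the pool URL and the `--coin` option still give it away. In production the same checks would run over Sysmon event 1 or Windows event 4688 command lines rather than the constructed lines here.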
What To Do
Apply updates and patches for all deployed software, firmware and operating systems as soon as they are available; every vulnerability Lucifer exploits already has a patch. Use strong, unique passwords on any service reachable from the network, since the malware also brute-forces credentials. In the browser, a trusted ad blocker or a dedicated anti-mining extension can block the cryptomining scripts embedded in malicious ads and web pages.