This new botnet has recruited an army of Windows devices null
A new botnet is exploiting close to a dozen high and critical-severity vulnerabilities in Windows systems to turn them into cryptomining clients as well as to launch DDoS attacks.
The malware behind the botnet has been given the name Satan DDoS though security researchers have taken to referring to its as Lucifer in order to avoid confusion with the Satan ransomware.
Palo Alto Networks’ Unit 42 began looking into the botnet after the company’s researchers discovered it while following multiple incidents involving the exploitation of a critical vulnerability in a component of the Laravel web framework which can lead to remote code execution.
At first the Lucifer malware was believed to be used to mine the cryptocurrency Monero. However, it later become apparent that the malware also contains a DDoS component as well as a self-spreading mechanism that uses severe vulnerabilities and brute-forcing to its advantage.
Lucifer malware
In a blog post, Unit 42 provided further details on just how powerful the capabilities of the Lucifer malware are, saying:
“Lucifer is quite powerful in its capabilities. Not only is it capable of dropping XMRig for cryptojacking Monero, it’s also capable of command and control (C2) operation and self-propagation through the exploitation of multiple vulnerabilities and credential brute-forcing. Additionally, it drops and runs EternalBlue, EternalRomance, and DoublePulsar backdoor against vulnerable targets for intranet infections.”
The operators behind Lucifer have weaponized exploits for 11 different vulnerabilities which have all since been patched. However, cybercriminals often leverage older vulnerabilities to prey on users who have yet to patch their systems.
The latest version of the botnet malware also includes anti-analysis protection which allows it to check the user and computer name of an infected machine before carrying out its operations. If any names are found that correspond with analysis environments, the malware stops.
To protect against Lucifer, businesses and individuals should keep their software updated with the latest patches and use strong passwords.
Via BleepingComputer
A new botnet is exploiting close to a dozen high and critical-severity vulnerabilities in Windows systems to turn them into cryptomining clients as well as to launch DDoS attacks. The malware behind the botnet has been given the name Satan DDoS though security researchers have taken to referring to its…
Recent Posts
- Google adds biometric verification to Play Store to keep your in-store wallet safe
- Quordle today – hints and answers for Wednesday, April 17 (game #814)
- The Boring Phone is a nostalgic branding exercise by HMD and Heineken
- NYT Strands today — hints, answers and spangram for Wednesday, April 17 (game #45)
- The New Hot Handset Is a Cute and Transparent Dumb Phone You Can’t Buy
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011