Home → News → Lucifer: Devilish Malware That Abuses Critical Vulnerabilities... → Full Text

Lucifer: Devilish Malware That Abuses Critical Vulnerabilities on Windows Machines

By ZDNet

July 1, 2020

[article image]


Researchers at Palo Alto Networks' Unit 42 discovered a new variant of a powerful cryptojacking and DDoS-based malware, called Lucifer, which infects Windows machines by exploiting their vulnerabilities.

The malware scans for open TCP ports 135 (RPC) and 1433 (MSSQL) and uses credential-stuffing attacks to gain access.

After infecting the machine, the malware drops the XMRig program to covertly mine for the Monero cryptocurrency.

In addition, Lucifer connects to a command-and-control server to receive commands, transfer stolen system data, and inform operators of the status of the Monero cryptocurrency miner.

Lucifer also tampers with the Windows registry to schedule itself as a task at startup and checks for the presence of sandboxes or virtual machines to evade detection or reverse engineering.

The researchers recommend applying updates and patches to the affected software.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

0 Comments

No entries found