
Lucifer Malware

Posted: June 25, 2020

The Lucifer Malware is a worm that propagates by exploiting weak passwords and unpatched software vulnerabilities. Its features include server-flooding Denial-of-Service attacks, cryptocurrency mining via a third-party program, and general-purpose command execution. Windows anti-malware tools should delete the Lucifer Malware, and installing security patches and choosing strong passwords will leave users less exposed to infection attempts.

The Name of the Devil Has Petty Concerns in Your Computer

Satan's angelic name is an ominous title to bestow on any virus, Trojan or worm. Still, such themes rarely give their campaigns anything more than a memorable headline. The Lucifer Malware, first seen in the wild in June, benefits from aggressive, built-in propagation methods that give its threat actor a 'hands-off' way of growing their operation. However, its motivation isn't very different from that of the Blue Mockingbird Malware or other XMRig-abusing Trojans.

The Lucifer Malware is both a backdoor Trojan and a worm: a threat that establishes a backdoor connection to the attacker's server and processes its commands, and a self-duplicating program. Where SMB is exposed, the Lucifer Malware can use exploits like DoublePulsar and EternalBlue to create backdoors. It also uses the relatively simple technique of dictionary or brute-force attacks to crack admin passwords. Finally, it can take advantage of a bevy of unpatched (but patchable) vulnerabilities, such as an SMB remote code execution flaw (CVE-2017-0145) from 2017 or a Laravel Framework deserialization flaw (CVE-2019-9081) from 2019.
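The password-guessing propagation described above, seen from the defender's side: an added illustration (not code from the Lucifer analysis) that scans authentication log lines for bursts of failed admin logons from one source and notes when a success follows such a burst. The one-line-per-attempt log format, the admin account names and the sample lines are assumptions constructed for this example.

```python
"""Flag dictionary/brute-force bursts against admin accounts in auth logs.

Assumed log format (constructed for this example, not a real product format):
    "<ISO timestamp> <source_ip> <account> <FAIL|OK>"
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed set of privileged account names a worm would guess against.
ADMIN_ACCOUNTS = {"administrator", "admin", "root"}


def parse_line(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user.lower(), result == "FAIL"


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {(src_ip, account): {"failures": n, "succeeded": bool}} for every
    source that racks up >= threshold failed admin logons inside `window`.
    A per-(src, account) deque keeps only timestamps still inside the window,
    so a slow trickle of failures spread over hours does not trigger."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        ts, src, user, failed = parse_line(line)
        if user not in ADMIN_ACCOUNTS:
            continue
        key = (src, user)
        if not failed:
            # A success right after a flagged burst means a guess landed.
            if key in alerts:
                alerts[key]["succeeded"] = True
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(key, {"failures": 0, "succeeded": False})
            entry["failures"] = max(entry["failures"], len(q))
    return alerts


# Constructed sample: one fast burst that succeeds, one non-admin account,
# and one slow trickle that stays under the threshold.
SAMPLE_LOG = (
    [f"2020-06-20T10:00:0{i} 10.0.0.5 Administrator FAIL" for i in range(1, 6)]
    + ["2020-06-20T10:00:06 10.0.0.5 Administrator OK"]
    + [f"2020-06-20T10:00:0{i} 10.0.0.9 alice FAIL" for i in range(7, 10)]
    + [f"2020-06-20T10:05:{s:02d} 10.0.0.7 admin FAIL" for s in (0, 20, 40)]
    + ["2020-06-20T10:06:00 10.0.0.7 admin FAIL"]
)

if __name__ == "__main__":
    for (src, user), info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{src} -> {user}: {info}")
```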

When it infects a system, the Lucifer Malware can execute commands from the attacker's server toward arbitrary goals. Currently, the Lucifer Malware campaign limits itself to dropping XMRig, a popular cryptocurrency-mining tool, and crashing Web servers with Denial-of-Service attacks. These features point to the Lucifer Malware's primarily financial motives, with any data exfiltration or credential scraping being incidental and serving the worm's spread.

What Has a Digital Demon Running Scared

Although the Lucifer Malware's campaign is aggressive in its propagation, this strategy doesn't necessarily indicate exceptional expertise on the part of the threat actor. As already explained, it benefits predominantly from victims that neglect their defenses by not installing essential security updates. Secondarily, admin accounts still using default or otherwise weak passwords are at risk.

The Lucifer Malware also shows some signs of possible weaknesses, or at least of its authors' concern about them. Recent updates to the Lucifer Malware, besides showing that it's not a static, one-and-done project, also display a strong emphasis on anti-analysis. The Lucifer Malware's recent versions attempt checks for the telltale signs of AV vendor analysis environments, such as sandboxes and debuggers.

Users can always install security updates to remove the vulnerabilities that the Lucifer Malware abuses. They also can choose complex and lengthy passwords that don't appear in dictionary attack lists.

The Lucifer Malware has a far more dignified namesake than its actions or techniques warrant. Rather than an angelic being, it's a thug and server saboteur that only finds a foothold on already-weak victims, and that is arguably their own fault in the first place.
