Lucifer Malware takes advantage of Windows vulnerabilities for DDoS attacks and Cryptomining.
Lucifer Malware Exploits Windows Vulnerabilities For Cryptomining
Cryptomining is becoming a popular source of revenue, so many threat actors look for illegitimate ways to mine using their victims' infrastructure. These actors often exploit vulnerabilities in devices to start mining on them, and they use the same malicious program for other attacks such as DDoS.
Recently, a new malware named Lucifer was found targeting Windows users for cryptomining as well as DDoS attacks.
The cryptojacking and DDoS campaign by Lucifer
Palo Alto Networks' Unit 42 team said that it had found two versions of the Lucifer malware.
Lucifer is a self-propagating hybrid malware variant that takes advantage of operating system vulnerabilities. It typically attacks Windows-based computers to conduct malicious activities such as cryptojacking and distributed denial-of-service (DDoS) attacks.
The malware targets the following vulnerabilities in Windows and in applications that commonly run on it:
- Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464),
- Apache Struts (CVE-2017-9791),
- Laravel framework (CVE-2019-9081),
- Rejetto HTTP File Server (CVE-2014-6287),
- Oracle Weblogic (CVE-2017-10271) and
- ThinkPHP RCE (CVE-2018-20062).
Further, it brute-forces credentials on the target system in order to drop the XMRig miner, a cryptominer used to mine Monero.
It also uses the EternalBlue and EternalRomance exploits and the DoublePulsar backdoor to infect vulnerable computers on the internal network.
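The credential brute-forcing described above leaves a recognisable trace in the Windows Security log: a burst of failed logons (EventID 4625) from one source, sometimes followed by a successful logon (EventID 4624) from the same source once a password has been cracked. The following detection routine, added here as an example and not code from the article or from Unit 42, runs over a constructed, flattened sample of such events. The one-line log format, the sample IP addresses and account names, and the default threshold of five failures per minute are all assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security log entries, flattened to one line each:
# "<UTC timestamp> <EventID> <source IP> <account>". EventID 4625 is a failed
# logon and 4624 a successful one. These lines are made up for the example.
SAMPLE_EVENTS = [
    "2020-06-24T10:00:00Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:03Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:06Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:09Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:12Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:15Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:18Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:21Z 4625 10.0.0.5 Administrator",
    "2020-06-24T10:00:25Z 4624 10.0.0.5 Administrator",  # burst followed by a success
    "2020-06-24T10:01:00Z 4625 10.0.0.9 alice",
    "2020-06-24T10:01:30Z 4625 10.0.0.9 alice",           # two typos, not an attack
    "2020-06-24T10:00:00Z 4625 10.0.0.7 bob",
    "2020-06-24T10:02:00Z 4625 10.0.0.7 bob",
    "2020-06-24T10:04:00Z 4625 10.0.0.7 bob",
    "2020-06-24T10:06:00Z 4625 10.0.0.7 bob",
    "2020-06-24T10:08:00Z 4625 10.0.0.7 bob",
    "2020-06-24T10:10:00Z 4625 10.0.0.7 bob",             # slow: never 5 within one minute
]


def parse_event(line):
    """Split one flattened log line into (timestamp, event_id, source_ip, account)."""
    ts, event_id, source, account = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), int(event_id), source, account


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs that produce `threshold` or more failed logons inside a
    sliding `window`, and record whether a successful logon from the same source
    followed the burst (the pattern left behind when credentials are cracked)."""
    recent = defaultdict(deque)   # source -> failure timestamps still inside the window
    findings = {}
    for line in sorted(lines):    # ISO-8601 timestamps sort correctly as strings
        ts, event_id, source, _ = parse_event(line)
        if event_id == 4625:
            queue = recent[source]
            queue.append(ts)
            while queue and ts - queue[0] > window:   # drop failures older than the window
                queue.popleft()
            if len(queue) >= threshold:
                entry = findings.setdefault(
                    source, {"peak_failures": 0, "followed_by_success": False})
                entry["peak_failures"] = max(entry["peak_failures"], len(queue))
        elif event_id == 4624 and source in findings:
            findings[source]["followed_by_success"] = True
    return findings


if __name__ == "__main__":
    for source, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(source, info)
```

On the sample data only 10.0.0.5 is reported: eight failures in 21 seconds followed by a success, which is exactly the sequence that should trigger an incident-response check for a newly dropped miner on that host. The slow attempts from 10.0.0.7 stay below the per-minute threshold, which is a reminder that low-and-slow guessing needs a longer window or a per-account view in addition to this check.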
Notable cryptojacking campaigns from the recent past
As cryptocurrency is a high-priced commodity and mining it gives high returns, hackers have taken an interest in such attacks.
Cryptojacking is not a new phenomenon, and hackers keep coming up with new ways to target vulnerable computers. Mining requires substantial computing power, which is expensive, so cyber-offenders drop mining code on other users' machines and use their CPU and GPU resources for cryptomining.
In May 2020, Blue Mockingbird, a Monero cryptocurrency-mining campaign, exploited a deserialization vulnerability (CVE-2019-18935) in unpatched versions of Telerik UI for ASP.NET. The campaign deployed the XMRig Monero-mining payload directly as a Windows DLL in order to use the infected computer's resources for cryptomining.
In April 2020, the VictoryGate botnet used USB drives to deploy AutoIt and XMRig on infected machines, and used the resources of an extensive network of infected computers for cryptomining.
How do cryptominers affect the system?
If your computer is infected with a cryptominer, you may notice the following symptoms:
- CPU usage around 90% and very high graphics card usage.
- The web browser loads slowly and consumes a lot of CPU resources.
- Random or unknown processes appear in the Task Manager window.
- Applications such as games, videos and other system programs run slowly, and the screen may even crash.
- Programs take a long time to open, and even maximizing/minimizing a window takes time.
- The computer and browser act very sluggish.
Thus, the presence of cryptominers can affect hardware and software components such as the CPU, graphics card and memory drives.
What can you do to stay safe?
- Always check for software and OS updates. Make sure to patch every vulnerability in the software, firmware, and operating systems you use as soon as possible.
- Check before installing any browser extension, and always download extensions from the official web stores.
- You can also use a trusted ad-blocker while surfing the internet. Many ads and websites have embedded mining scripts that silently use your computer for mining.
- Make sure you do not download pirated software or click on malicious ads. In a recent campaign, Microsoft warned users about a coin miner pushed along with pirated movie downloads.
- Do not open any shortened link from an unknown source.
- Hackers often send such links in emails, messages, and online ads. If you receive an email from an unknown sender, do not open it or click on any link in it.
- Do not open files from an unknown sender or from external drives without scanning them first.
- Scan your computer periodically for viruses and malware using a reliable, high-quality antivirus application.
Protect your computer with HitmanPro Now
Since threat actors can exploit vulnerabilities at any time, it is necessary to have active anti-virus protection always running on the system. The best one we recommend is HitmanPro.Alert, which will guard your system against all odds.
Secondly, experts advise keeping strong passwords on all online accounts, as cryptominers can even steal the login credentials of cryptocurrency wallets and transfer all the funds.
It is very important to enable 2FA on your accounts and to use strong passwords, and to keep those passwords secure you should use a reputable password manager tool such as Dashlane (Review).
Thus, it is also important to secure your accounts with a powerful password manager tool: download Dashlane Password Manager now.