
Communications of the ACM

ACM TechNews

Lucifer: Devilish Malware That Abuses Critical Vulnerabilities on Windows Machines

Digital security experts warn against Lucifer malware that attacks Windows.

The digital security company Unit 42 recently released a document warning of a new type of malware that affects Windows PCs.

Credit: Nupgrade

Researchers at Palo Alto Networks' Unit 42 discovered a new variant of a powerful cryptojacking and DDoS malware, called Lucifer, which infects Windows machines by exploiting vulnerabilities in them.

The malware scans for open TCP ports 135 (RPC) and 1433 (MSSQL) and uses credential-stuffing attacks to gain access.

After infecting the machine, the malware drops the XMRig program to covertly mine for the Monero cryptocurrency.

In addition, Lucifer connects to a command-and-control server to receive commands, transfer stolen system data, and inform operators of the status of the Monero cryptocurrency miner.

Lucifer also tampers with the Windows registry to schedule itself as a task at startup and checks for the presence of sandboxes or virtual machines to evade detection or reverse engineering.

The researchers recommend applying updates and patches to the affected software.

From ZDNet


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

