This new botnet has recruited an army of Windows devices

News
By published

Lucifer malware leverages old vulnerabilities to infect users' systems

(Image credit: Shutterstock / Jaiz Anuar)

A new botnet is exploiting close to a dozen high and critical-severity vulnerabilities in Windows systems to turn them into cryptomining clients as well as to launch DDoS attacks.

The malware behind the botnet has been given the name Satan DDoS though security researchers have taken to referring to its as Lucifer in order to avoid confusion with the Satan ransomware.

Palo Alto Networks' Unit 42 began looking into the botnet after the company's researchers discovered it while following multiple incidents involving the exploitation of a critical vulnerability in a component of the Laravel web framework which can lead to remote code execution.

At first the Lucifer malware was believed to be used to mine the cryptocurrency Monero. However, it later become apparent that the malware also contains a DDoS component as well as a self-spreading mechanism that uses severe vulnerabilities and brute-forcing to its advantage.

Lucifer malware

In a blog post, Unit 42 provided further details on just how powerful the capabilities of the Lucifer malware are, saying:

“Lucifer is quite powerful in its capabilities. Not only is it capable of dropping XMRig for cryptojacking Monero, it’s also capable of command and control (C2) operation and self-propagation through the exploitation of multiple vulnerabilities and credential brute-forcing. Additionally, it drops and runs EternalBlue, EternalRomance, and DoublePulsar backdoor against vulnerable targets for intranet infections.”

The operators behind Lucifer have weaponized exploits for 11 different vulnerabilities which have all since been patched. However, cybercriminals often leverage older vulnerabilities to prey on users who have yet to patch their systems.

The latest version of the botnet malware also includes anti-analysis protection which allows it to check the user and computer name of an infected machine before carrying out its operations. If any names are found that correspond with analysis environments, the malware stops.

To protect against Lucifer, businesses and individuals should keep their software updated with the latest patches and use strong passwords.

Via BleepingComputer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
More about security
ThreatLocker CEO Danny Jenkins speaking at ZTW25

“It’s made our jobs harder, not easier” - ThreatLocker CEO Danny Jenkins on AI
China

Chinese hackers targeting Juniper Networks routers, so patch now
Google Gemini Robotics

Gemini just got physical and you should prepare for a robot revolution
See more latest
Most Popular
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Mac Studio on a desk
I compared Apple's Mac Studio M3 Ultra with 10 Windows workstations and I am truly shocked by what I found
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
China
Chinese hackers targeting Juniper Networks routers, so patch now
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Bolt Zeus 2c26-032 PCIe card
This GPU vendor I've never heard of claims its card is 10x faster than an Nvidia RTX 5090 at real time path tracing
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
A mockup of the possible Apple M3 Ultra logo
Performance isn't the only reason you should buy Apple's M3 Ultra Mac Studio - it's reportedly one of the most power-efficient processors too
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try