Researchers at Palo Alto Networks' Unit 42 discovered a new variant of a powerful cryptojacking and DDoS-based malware, called Lucifer, which infects Windows machines by exploiting their vulnerabilities.
The malware scans for open TCP ports 135 (RPC) and 1433 (MSSQL) and uses credential-stuffing attacks to gain access.
After infecting the machine, the malware drops the XMRig program to covertly mine for the Monero cryptocurrency.
In addition, Lucifer connects to a command-and-control server to receive commands, transfer stolen system data, and inform operators of the status of the Monero cryptocurrency miner.
Lucifer also tampers with the Windows registry to schedule itself as a task at startup and checks for the presence of sandboxes or virtual machines to evade detection or reverse engineering.
The researchers recommend applying updates and patches to the affected software.
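As an added example (not code from the Unit 42 report or from Lucifer itself), the following Python detector flags a source host that sweeps TCP 135 or 1433 across many internal targets, the scanning behaviour described above. The log format, field order, window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {135, 1433}       # RPC and MSSQL, the ports Lucifer probes
DISTINCT_TARGET_THRESHOLD = 5     # assumed tuning value, not from the report
WINDOW = timedelta(minutes=5)     # assumed sliding window

# Constructed sample of a flow/firewall log: timestamp src dst dport action.
# Both ALLOW and DENY lines count: a sweep is visible in denied probes too.
SAMPLE_LOG = """\
2020-06-24T10:00:01 10.0.0.7 10.0.1.10 1433 DENY
2020-06-24T10:00:02 10.0.0.7 10.0.1.11 1433 DENY
2020-06-24T10:00:02 10.0.0.7 10.0.1.12 135 DENY
2020-06-24T10:00:03 10.0.0.7 10.0.1.13 135 ALLOW
2020-06-24T10:00:03 10.0.0.7 10.0.1.14 1433 DENY
2020-06-24T10:00:04 10.0.0.7 10.0.1.15 1433 ALLOW
2020-06-24T10:00:05 10.0.0.9 10.0.1.10 1433 ALLOW
2020-06-24T10:00:06 10.0.0.9 10.0.1.10 1433 ALLOW
2020-06-24T10:00:07 10.0.0.9 10.0.1.20 443 ALLOW
"""

def parse_line(line):
    """Split one assumed-format log line into typed fields."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def find_port_sweeps(log_text, threshold=DISTINCT_TARGET_THRESHOLD, window=WINDOW):
    """Return {src: set_of_targets} for sources that contact at least
    `threshold` distinct hosts on the watched ports inside one window."""
    events = defaultdict(list)  # src -> [(ts, dst)] on watched ports only
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_line(line)
        if dport in WATCHED_PORTS:
            events[src].append((ts, dst))
    alerts = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until it spans at most `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= threshold:
                alerts[src] = alerts.get(src, set()) | targets
    return alerts

if __name__ == "__main__":
    for src, targets in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible RPC/MSSQL sweep from {src}: {len(targets)} targets")
```

A repeated connection to the same MSSQL host (10.0.0.9 above) is not flagged; only the fan-out across distinct targets on 135/1433 is.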
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA