Lucifer cryptomining DDoS malware now targets Linux systems

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://www.bleepingcomputer.com/news/security/lucifer-cryptomining-ddos-malware-now-targets-linux-systems/
A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems.

Besides adding Linux targeting support, Lucifer's creators have also expanded the Windows version's capabilities to steal credentials and escalate privileges using the Mimikatz post-exploitation tool.

As detailed in a report published today by researchers at NETSCOUT's ATLAS Security Engineering & Response Team (ASERT), the Linux port displays the same welcome message as the Windows variant.

The new Linux version comes with capabilities similar to the Windows counterpart, including modules designed for cryptojacking and for launching TCP, UCP, and ICMP-based flooding attacks.

Additionally, Lucifer-infected Linux devices can also be used in HTTP-based DDoS attacks (including HTTP GET- and POST-floods, and HTTP ‘CC’ DDoS attacks).

"The fact that it can run on Linux-based systems means that it can potentially compromise and make use of high-performance, high-bandwidth servers in internet data centers (IDCs), with each node packing a larger punch in terms of DDoS attack capacity than is typical of most bots running on Windows or IoT-based Linux devices," the NETSCOUT researchers explained.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, shmu26, upnorth and 3 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Netscouts reported IOCs was a bit messy posted IMO. Cleaned and added urls in the spoiler for those interested.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
More IOCs from Unit42 :
unit42.paloaltonetworks.com

Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices

A new hybrid malware capable of cryptojacking and launching DDoS was discovered in the wild, named "Lucifer."
unit42.paloaltonetworks.com unit42.paloaltonetworks.com
 
  • Like
  • Thanks
Reactions: Gandalf_The_Grey, silversurfer, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

Orchid
    • Like
New Mirai malware variant infects Linux devices to build DDoS botnet
Replies
5
Views
588
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • Like
    • +Reputation
    • Applause
New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
Replies
0
Views
592
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
Cybersecurity researchers take down DDoS botnet by accident
Replies
1
Views
733
News Archive
shivam90
S

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top