Hybrid Malware 'Lucifer' Includes Cryptojacking, DDoS Capabilities

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service (DDoS) attacks, Palo Alto Networks reports.

Dubbed Lucifer, the malware was first observed on May 29, as part of a campaign that is still ongoing, but which switched to an upgraded variant on June 11.

The threat was designed to drop XMRig for mining Monero. It can propagate on its own by targeting various vulnerabilities, is capable of command and control (C&C) operations, and drops and runs the EternalBlue and EternalRomance exploits and the DoublePulsar backdoor on vulnerable targets for intranet infections.

Lucifer, Palo Alto Networks security researchers reveal, targets a long list of critical and high-severity vulnerabilities in software such as Rejetto HTTP File Server, Jenkins, Oracle WebLogic, Drupal, Apache Struts, Laravel, and Windows.

The targeted security flaws are CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, CVE-2018-20062, CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, the PHPStudy Backdoor RCE, CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464.

Successful exploitation of these bugs provides attackers with the ability to execute code on the target machines. Although software updates to address these issues have been available for some time, many systems remain unpatched and exposed to attacks.

The malware contains three resource sections, each ..