Security Firm Warns of New Kind of Malware "Wreaking Havoc" on Windows PCs

During the earlier GPU shortage, cryptocurrency mining was all the rage. There was also "cryptojacking" malware that attempted to steal computing resources from infected PCs, often to be used for Monero mining. For a long time, there was no major concern about this. However, security researchers at Unit 42 have discovered new self-propagating malware that is a variant of older cryptojacking code.

The researchers named this malware "Lucifer," noting that the malware's author named it "Satan DDoS."

Whatever you call it, according to the researchers, this malware is "extremely powerful in its capabilities" and goes beyond unauthorized cryptocurrency mining. It also facilitates distributed denial-of-service (DDoS) attacks and can spread through computer networks using various exploits (like EternalBlue) developed by and stolen from the US National Security Agency.

The attacks come in waves. The first one ended on June 10, 2020, but a second wave began the next day with an upgraded version "wreaking havoc." This second campaign is ongoing.

Business organizations are most likely at risk, in part because they do not keep their security patches up to date. However, Lucifer exploits a variety of vulnerabilities that also affect home PCs. "While the vulnerabilities and attack tactics exploited by this malware are not novel, they are a reminder that it is extremely important to keep systems up-to-date whenever possible, eliminate weak credentials, and have a solid layer of defense," the researchers said.

The best defense against Lucifer is to make sure Windows is fully patched with the latest updates. A second line of defense is to use strong passwords for Windows logins, because Lucifer tries to break into Windows systems by brute force. That is, it bombards the PC with commonly used login usernames (e.g., administrator) and passwords (e.g., 123123).
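One way to spot the brute-force logon attempts described above in Windows Security logs, as an added example that is not from Unit 42 or the original article. It assumes the events were exported to a simplified one-line-per-event format; the sample lines, IP addresses and the threshold are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed export format: time, event ID, source IP, account.
# Windows Security event 4625 is a failed logon, 4624 a successful one.
SAMPLE_EVENTS = """\
2020-06-11T02:14:01 4625 203.0.113.7 administrator
2020-06-11T02:14:02 4625 203.0.113.7 administrator
2020-06-11T02:14:03 4625 203.0.113.7 admin
2020-06-11T02:14:04 4625 203.0.113.7 sa
2020-06-11T02:14:05 4625 203.0.113.7 administrator
2020-06-11T02:14:09 4624 203.0.113.7 administrator
2020-06-11T08:30:00 4625 192.0.2.10 jsmith
2020-06-11T08:30:20 4624 192.0.2.10 jsmith
"""

def parse(text):
    """Yield (time, event_id, source, account) tuples from the export."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, src, user = line.split()
            yield datetime.fromisoformat(ts), int(event_id), src, user.lower()

def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logons inside the sliding window.

    "guessed" lists accounts that logged on successfully during such a burst,
    which means a weak password was probably found and needs resetting.
    """
    recent = defaultdict(list)  # source -> [(time, account)] failures in window
    findings = {}
    for ts, event_id, src, user in sorted(events):
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]
        if event_id == 4625:
            recent[src].append((ts, user))
        if len(recent[src]) >= threshold:
            hit = findings.setdefault(src, {"accounts": set(), "guessed": []})
            hit["accounts"].update(u for _, u in recent[src])
            if event_id == 4624:
                hit["guessed"].append(user)
    return findings

if __name__ == "__main__":
    for src, hit in find_bruteforce(parse(SAMPLE_EVENTS)).items():
        print(src, sorted(hit["accounts"]), "guessed:", hit["guessed"])
```

A single mistyped password followed by a successful logon, like the `jsmith` lines, stays below the threshold and is not flagged.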


