- Researchers have discovered a new malware variant that hijacks Windows devices mainly to mine cryptocurrencies.
- This recent malware strain can also be used to launch harmful DDoS attacks.
- Palo Alto Networks, a cybersecurity company, initially named the malware ‘Lucifer.’
Security experts and researchers have discovered a new malware strain that has the potential to hijack Windows devices, mainly to mine cryptocurrencies. The same malware strain can also be used to carry out harmful DDoS attacks.
The malware strain was discovered by Palo Alto Networks Unit 42. Palo Alto Networks is a cybersecurity company and initially named the malware ‘Lucifer.’ Unit 42 came across it while investigating CVE-2019-9081, a vulnerability in the open-source Laravel web application framework that allows perpetrators to carry out remote code execution attacks.
MAINLY TARGETS ENTERPRISE SERVERS
This new ransomware gets into Windows devices by trying common usernames and easy passwords against exposed ports. The malware can infect personal computers, but it mainly targets enterprise networks because they provide a door into corporate servers. The researchers at Unit 42 wrote in their blog post that it is capable of conducting dangerous DDoS attacks and carries a full set of exploits to use against any Windows device.
UNIT 42 FOUND A VARIETY OF 6 DIFFERENT DOCKER IMAGES:
The researchers also found six different Docker images containing the XMRig cryptocurrency miner, which let the attackers get into Docker containers, modify them, and mine Monero. The Docker Hub account in question was created in October 2019 and was used to distribute the images; its official repository has been downloaded over 2 million times. The exploits used by the ransomware are:
- CVE-2014-6287
- CVE-2018-1000861
- CVE-2017-10271
- ThinkPHP RCE (CVE-2018-20062)
- CVE-2018-7600
- CVE-2017-9791
- CVE-2019-9081
- PHPStudy Backdoor RCE
- CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464
The malware strain also exploits existing vulnerabilities in order to spread and carry out its nefarious activities, which makes it a new hybrid form of cryptojacking ransomware. The products it targets include Rejetto HTTP File Server, Oracle WebLogic, ThinkPHP RCE, Apache Struts, the Laravel Framework, and Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464).
USERS ADVISED TO INSTALL LATEST PATCHES AND SECURITY UPDATES:
To mitigate these attacks, users are urged to install the latest updates and patches. To protect PCs or laptops from Lucifer, it is important to set a strong username and a unique password, since the malware relies on weak and common usernames and passwords to get in. Another important step is to install good antivirus software that can immediately wipe any traces of Lucifer.
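The credential-guessing entry vector described above leaves a trail in the Windows Security log. As an added example, not from the article or from Unit 42, the script below flags a source that racks up many failed logons (Event ID 4625) within a short window and then checks whether that source later logged on successfully (Event ID 4624); the log records are constructed sample data, not real telemetry.

```python
"""Added example: detect credential brute-force bursts of the kind Lucifer
uses against exposed Windows hosts. Records are constructed samples shaped
like Windows Security events 4625 (failed logon) and 4624 (successful logon)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event_id, target_user, source_ip)
SAMPLE_EVENTS = [
    ("2020-06-25T10:00:01", 4625, "administrator", "203.0.113.7"),
    ("2020-06-25T10:00:03", 4625, "admin", "203.0.113.7"),
    ("2020-06-25T10:00:05", 4625, "user", "203.0.113.7"),
    ("2020-06-25T10:00:07", 4625, "test", "203.0.113.7"),
    ("2020-06-25T10:00:09", 4625, "guest", "203.0.113.7"),
    ("2020-06-25T10:00:11", 4625, "root", "203.0.113.7"),
    ("2020-06-25T10:00:13", 4624, "administrator", "203.0.113.7"),  # success after burst
    ("2020-06-25T10:02:00", 4625, "alice", "198.51.100.20"),  # benign typo, spread out
    ("2020-06-25T10:12:00", 4625, "alice", "198.51.100.20"),
]


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted usernames tried} for every source that produced
    at least `threshold` failed logons inside any sliding `window`."""
    by_src = defaultdict(list)
    for ts, event_id, user, src in events:
        if event_id == 4625:
            by_src[src].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # shrink window from the left
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in attempts})
                break
    return flagged


def successes_from_flagged(events, flagged):
    """Sources in `flagged` that also have a successful logon (4624): likely
    the guessing worked, which warrants incident response, not just blocking."""
    return sorted({src for _, event_id, _, src in events
                   if event_id == 4624 and src in flagged})


if __name__ == "__main__":
    hits = failed_logon_bursts(SAMPLE_EVENTS)
    print("brute-force sources:", hits)
    print("followed by success:", successes_from_flagged(SAMPLE_EVENTS, hits))
```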