Lucifer Malware on Linux

August 25, 2020

Discovered in May 2020 and suddenly popular, the Lucifer botnet malware is again making noise in the cybersecurity community. A new report has confirmed that the latest update makes the malware more lethal, as it can now infect networks that run the Linux operating system. It was already a powerful tool for the unknown adversary, and the added feature plainly puts it at the top of the list of possible threats.

Lucifer malware has gained the attention of cybersecurity experts because of the sophisticated and stealthy way it infects targeted devices and then uses them for the adversary's principal operations: crypto mining and widespread distributed denial-of-service (DDoS) attacks, both for the benefit of the unknown adversary.

According to the evidence submitted, the malware is either delivered through brute-force penetration on spear-phishing emails or embedded with the aid of JavaScript to redirect to a website controlled by the adversaries. Though the infection process is very tedious, the operation is said to have a high ratio of successful outcomes. The different phases of the infection process are well crafted and planned to avoid detection by any installed security or anti-malware program. It uses a fileless attack that routine scanning cannot track, because it is stored in the targeted device's memory. It also comes with self-extraction and installation functionality: once operational in system memory, it scans for open or vulnerable ports on the compromised device, through which it contacts the adversaries to report the device configuration, and which also serve as the gateway for command-and-control codes sent by the adversaries.

Compromised devices are added to the adversaries' bot networks, whose current main goal is to mine cryptocurrency. Threat actors are leaning away from DDoS attacks as ransomware, because this may cause them to be tracked down by law enforcement, while using their botnet for crypto mining ensures their anonymity.


Lucifer Malware as a cyber threat

Now that the Lucifer botnet malware can infect Linux-based devices, the cyber community is alarmed, as most high-end servers used by large businesses and government organizations may unknowingly be used as miners for the cryptocurrency operation. There is also the possibility that it can cause large-scale DDoS attacks, from which adversaries may profit further through ransom, and that data exfiltrated from victims may be sold for substantial sums on the black market.

Moreover, the report was released for the sole purpose of raising awareness in the cyber community, especially among security administrators, of a new threat that is consistently evolving and becoming more lethal and flexible, targeting different technology platforms. This way, they can already plan mitigations for a possible infection and/or stay free of its intrusion.
