After Windows, Lucifer malware returns to haunt Linux devices

Lucifer malware is capable of conducting DDoS attacks and mining Monero cryptocurrency on targeted devices.

Just under a month ago, we covered how "Lucifer", a malware discovered by Palo Alto Networks' Unit 42 researchers, was haunting Windows-based devices by exploiting vulnerabilities and conducting DDoS attacks.

This also involved mining the Monero cryptocurrency on victims' devices. Now it turns out that the malware has returned, this time with support for Linux-based systems as well.

As reported by NETSCOUT, in addition to the features found in the Windows version, such as cryptojacking, the new Linux version contains capabilities that enable it to steal user credentials using a tool named Mimikatz.

Furthermore, TCP, UDP, ICMP, and HTTP-based DDoS attacks can also be launched, with the source IP addresses of the attack packets spoofed to hide their origin.

The real question, nonetheless, is what makes the tool all the more dangerous on Linux.

Answering this, the researchers explained that access to Linux machines allows the malware to utilize systems with much higher performance and bandwidth in "internet data centers (IDCs), with each node packing a larger punch in terms of DDoS attack capacity," something that isn't often seen on Windows devices.

This therefore gives the attackers the opportunity to conduct much more lethal DDoS attacks.

To conclude, this is part of a trend we see over time: malware tools extending their reach from one operating system to another in order to broaden their net of victims.

Knowledge and experience of combating the Lucifer tool on Windows systems will certainly help cybersecurity researchers, but more work may be needed to fight the newly added features. In the future, we can expect to see even further expansion of the malware, as the researchers state:

As IoT devices are almost always based on various Linux distributions, it would not be a huge stretch to see Lucifer recompiled to run on IoT-based devices and include common IoT vulnerabilities as an infection method.
