Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
Netscout cyber security experts: Lucifer now targets also Linux systems. The cryptojacking and DDoS malware includes additional tools and a port to the operating system. The bot supports TCP, UCP, ICMP, and HTTP-based attacks
Lucifer now targets also Linux systems. It has been discovered by Netscout cyber security experts. The cryptojacking and distributed denial of service (DDoS) malware originally found to exploit and run on Windows based systems and first reported by Palo Alto Networks’ Unit42, now includes additional tools and a port to the operating system. The bot has new PE sources, which included the popular credential stealing tool MIMIKATZ, further increasing it’s ability to infect systems and increase its footprint. The researchers also uncovered a Linux version with cryptojacking and DDoS capabilities that were similar to its Windows counterpart. It supported TCP, UCP, ICMP, and HTTP-based DDoS attacks. It appears the cybercrime authors continue test and deploy new versions of the malicious code, further extending its capabilities.