
Hybrid Malware 'Lucifer' Includes Cryptojacking, DDoS Capabilities
2020-06-29 04:00

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial-of-service (DDoS) attacks, Palo Alto Networks reports.

The malware enables debug privilege for itself and begins operation by launching several threads.

For propagation, the malware scans for open TCP ports 135 and 1433 and then tries to gain access with commonly used credentials, uses Equation Group exploits, or sends HTTP requests to probe for external, exposed systems.

After all worker threads are launched, the malware enters an infinite loop to handle C&C operations.

"Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms. Applying the updates and patches to the affected software [is] strongly advised," Palo Alto Networks concludes.
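A detection sketch for the propagation behaviour described above, added here as an example and not taken from the Palo Alto Networks report: it flags any source that contacts many distinct hosts on TCP 135 or 1433 within a short window. The flow-record format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {135, 1433}  # ports the article says the malware scans for

def build_sample():
    """Constructed flow records, 'timestamp src dst dport' (not real telemetry)."""
    lines = []
    for i in range(6):  # 10.0.0.5 sweeps six hosts on both ports, 2 s apart
        for port in (135, 1433):
            lines.append(f"2020-06-29T04:00:{i*2:02d} 10.0.0.5 10.0.1.{10+i} {port}")
    for i in range(8):  # 10.0.0.9: app server reusing one SQL host (benign)
        lines.append(f"2020-06-29T04:01:{i:02d} 10.0.0.9 10.0.1.50 1433")
    for i in range(5):  # 10.0.0.7: five RPC targets, one per hour (too slow)
        lines.append(f"2020-06-29T{5+i:02d}:00:00 10.0.0.7 10.0.2.{i+1} 135")
    lines.append("truncated record")  # malformed line the parser must skip
    return "\n".join(lines)

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples, ignoring malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])

def find_scanners(flows, window=timedelta(seconds=60), min_targets=5):
    """Return {src: {port: peak distinct destinations inside one window}}."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in WATCHED_PORTS:
            by_key[(src, dport)].append((ts, dst))
    hits = {}
    for (src, dport), events in by_key.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            hits.setdefault(src, {})[dport] = best
    return hits

if __name__ == "__main__":
    print(find_scanners(parse_flows(build_sample())))
```

Counting distinct destinations rather than raw connections keeps a busy application server that talks to one SQL host from being flagged.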


News URL

http://feedproxy.google.com/~r/Securityweek/~3/_x1cVr7lGG4/hybrid-malware-lucifer-includes-cryptojacking-ddos-capabilities