The Devil is Getting Stronger: Lucifer Malware Attacks Linux Devices

Updated: It seems Lucifer malware designed to mine Monero (XMR) is getting stronger. Now, it can affect not only Windows-based computers, but also Linux-based ones.

The new version has capabilities similar to that of the previous version. However, its creators added the function of stealing credentials with the help of the Mimikatz tool. Besides, Lucifer for Linux has new software modules for cryptojacking and performing flooding and DDoS attacks. 

These new capabilities make Lucifer malware more powerful, making researchers concerned. According to the report by NETSCOUT's ATLAS Security Engineering & Response Team (ASERT), it can pose a threat to high-performance, high-bandwidth servers in internet data centers (IDCs).

CoinIdol, a world blockchain news outlet, previously reported that Lucifer used a vulnerability of Windows operating system to infect a PC and install an XMRig to engage it in mining. The malware was first detected back in May 2020 by Unit 42 of Palo Alto Networks research organization. Its specialists even managed to block the first wave of attacks having taken place around June 10. However, criminals updated the malware and launched the second waves of attacks.

Mocking the world

The name chosen for the program is quite symbolic, for Lucifer is really quite a powerful malware, actually more powerful than most known cryptojacking programs. A religious context of the name might witness the rise of criminal activity on the web. Indeed, cases of various cyberattacks have significantly increased since the beginning of 2020.

Thus, Australian Security Centre reported that vulnerabilities in the country’s corporate networks were exploited by a gang of hackers called the Blue Mockingbird to implant XMRig for Monero mining. The country seems to be especially vulnerable to cybercriminals. Previously, the Australian government reported a massive attack with PlugX malware used for espionage. Although there were no official accusations, the country’s officials revealed it might be the work of Chinese state-backed hacking groups, as the two countries had lasting diplomatic issues.  

Besides cyberattacks, Australia has also been vulnerable to other kinds of cryptocurrency-related crimes. As coinidol.com, a world blockchain news outlet reported, the country has lost about $2 billion to various criminal and fraudulent schemes involving digital currencies.

Apocalyptic 2020

Considering the general trend of the year, the symbolism used by Lucifer’s developers seems even more telling. Notably, it considers not only the sphere of cryptocurrency and cybercrime. The COVID-19 pandemic, natural disasters in various countries, global lockdown and crisis - all that prompted many users to create various memes stating that 2020 is an error. If you divide 2020 by 5, you’ll get a 4040 error code, which explains the essence of the year.

Surely, this is just an irony, however, most people would agree that 2020 is not an easy year to survive. Moreover, it would probably take another couple of years to deal with the challenges created this year. In such a context, the appearance of a malware called with the name of the devil seems even logical. It would be even more ironic if its developer’s name is Damien Thorn.