When it was first spotted in May, the malware was deploying an XMRig miner on Windows computers infected using weaponized exploits targeting high and critical severity vulnerabilities
or by brute-forcing machines with TCP ports 135 (RPC) and 1433 (MSSQL) open. The new Linux version comes with capabilities similar to the Windows counterpart, including modules designed for cryptojacking and for launching TCP, UCP, and ICMP-based flooding
attacks. Additionally, Lucifer-infected Linux devices can also be used in HTTP-based DDoS attacks (including HTTP GET- and POST-floods, and HTTP ‘CC’ DDoS attacks).
Learn more >