The authors of the Satan Monero mining malware, which is commonly known for affecting vulnerable Windows systems, have extended the botnet's capability to target Linux systems as well. Once a system is infected, the malware uses the device to mine Monero (XMR), a privacy-focused digital currency, by deploying an XMRig miner.
Monero mining malware attacks Linux systems
As Bleeping Computer reported on Wednesday, the new capability added to the Lucifer Monero mining malware was discovered by cybersecurity researchers at NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT). Originally, the botnet was dubbed Satan DDoS by the authors. However, researchers renamed it Lucifer DDoS to differentiate it from Satan ransomware.
The researchers said it is a hybrid DDoS botnet commonly known for infecting Windows devices to mine cryptocurrency. When it was first discovered in May by Palo Alto Networks Unit 42 researchers, the malware used brute-force attacks and weaponized exploits for vulnerabilities to deploy the XMRig miner on Windows systems.
However, this same Monero mining malware has been upgraded by the authors to scan and infect Linux systems as well. In addition to that, the malware now has the capability to steal credentials and escalate privileges on Windows systems. It can also execute cryptojacking and TCP, UDP, and ICMP-based flooding attacks, said the researchers.
Systems at risk of DDoS attacks
The researchers at NETSCOUT further explained:
“The fact that it can run on Linux-based systems means that it can potentially compromise and make use of high-performance, high-bandwidth servers in internet data centers (IDCs), with each node packing a larger punch in terms of DDoS attack capacity than is typical of most bots running on Windows or IoT-based Linux devices.”
Meanwhile, the cryptocurrency wallet associated with the malware had only $30 worth of Monero when it was initially spotted. The researchers believe that the authors of the malware are looking to mine more of the crypto from additional devices following the upgrade made to it. However, Windows and Linux users can choose to stay safe by adhering to certain security measures, such as OS security updates.