
Windows 10 laptops under attack from scary 'Lucifer' malware: What to do

(Image credit: REDPIXEL.PL / Shutterstock)

Windows 10 has problems of its own at the moment, but naturally the hackers of the world aren't terribly concerned with that and malware attacks continue. 

This latest attack was discovered May 29 by cybersecurity firm Unit 42, which dubbed it "Lucifer" and reports that the malware in question is taking over Windows devices and using them both to mine cryptocurrency and to play a role in DDoS attacks (via Tom's Guide).

How does the 'Lucifer' malware work?

As malware goes, this one is pretty straightforward: it scans for open ports and then carries out a brute-force attack on the Windows systems it targets, meaning it attempts to log in with frequently used usernames and passwords. The Unit 42 team is nonetheless quick to point out that it is "quite powerful in its capabilities" and "well-equipped with all kinds of exploits against vulnerable Windows hosts."
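The credential brute-forcing described above leaves a distinctive trail: a burst of failed logons from one source that cycles through common account names, sometimes followed by a success. The script below is an added defender-side example, not code from the article or from Unit 42; it parses constructed log lines modelled on exported Windows Security events (4625 = failed logon, 4624 = successful logon) and flags sources that exceed a failure threshold inside a sliding time window. The log format, addresses and account names are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of exported Windows Security log entries
# (Event ID 4625 = failed logon, 4624 = successful logon). Values are made up.
SAMPLE_LOG = """\
2020-06-11 02:00:01 4625 Account=administrator Source=198.51.100.7
2020-06-11 02:00:02 4625 Account=admin Source=198.51.100.7
2020-06-11 02:00:02 4625 Account=root Source=198.51.100.7
2020-06-11 02:00:03 4625 Account=test Source=198.51.100.7
2020-06-11 02:00:04 4625 Account=guest Source=198.51.100.7
2020-06-11 02:00:06 4624 Account=guest Source=198.51.100.7
2020-06-11 02:03:10 4625 Account=jsmith Source=203.0.113.9
2020-06-11 02:45:00 4625 Account=jsmith Source=203.0.113.9
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\d{4}) Account=(\S+) Source=(\S+)$")

def parse(log_text):
    """Yield (timestamp, event_id, account, source); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3), m.group(4)

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logons inside any `window`,
    listing the accounts tried and whether a success followed the burst."""
    fails, wins = defaultdict(list), defaultdict(list)
    for ts, eid, acct, src in parse(log_text):
        if eid == 4625:
            fails[src].append((ts, acct))
        elif eid == 4624:
            wins[src].append(ts)
    alerts = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over sorted failures
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {
                    "failures": len(events),
                    "accounts": sorted({a for _, a in events}),
                    "success_after": any(t > events[end][0] for t in wins[src]),
                }
                break
    return alerts
```

A `success_after` of True is the case to escalate first, since it indicates one of the guessed credentials actually worked; two failures spread across 40 minutes from the second source correctly stay below the default threshold.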

An initial wave of the malware ran until June 10; on June 11 a new and improved version was rolled out that is still spreading at the moment. Once inside a network, the malware self-propagates using a number of tools that were taken from the NSA, including EternalBlue, EternalRomance, and DoublePulsar.

None of the techniques Lucifer employs are unique, but it takes advantage of established exploits and uses the compromised machines to mine Monero (XMR) and as part of a network for carrying out DDoS attacks.

Who is at risk?

The primary target for Lucifer is enterprise servers, since a successful infection there can hand it an entire network of devices, but it is also a threat to individual PCs.

The full list of software vulnerable to the Lucifer malware according to Unit 42 includes "Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows."

What do you need to do?

There are a few ways to keep yourself secure from the Lucifer malware. The first is simply not to use common or dictionary passwords; this alone would defeat the brute-force attack that gets the malware in the door.

Second, make sure that your software is up to date: many of the vulnerabilities the malware takes advantage of have already been patched, and its creators are simply relying on a sufficient number of systems not having been updated.

Finally, you can also take a look at some of the best antivirus software on the market, which, in the event that your system was already infected, would find and eliminate it.