Security researchers have discovered a new cryptomining campaign called Lucifer that targets Apache, in particular the software libraries Hadoop and Druid, which are popular with many users.
To do this, the attackers exploit existing misconfigurations and vulnerabilities. The active campaign uses a new variant of a well-known DDoS botnet focused on vulnerable Linux systems. The malware is known as “Lucifer” and, once it has compromised Apache servers, uses the infected machines to mine the cryptocurrency Monero. The cybercriminals behind Lucifer focus on the Apache libraries Hadoop and Druid, which are very popular with developers, and use existing security gaps or misconfigurations to compromise them.
Sharp increase in attacks
Team Nautilus found the first Lucifer attacks in its honeypots; these took place as early as July 2023. The team suspects that these were tests conducted by the attackers to evaluate techniques for bypassing defenses and evading detection of the malware. Over the last year, security experts have observed a steady increase in attacks. In the last month alone, over 3,000 different attacks were detected.
More at AquaSecurity.com
About Aqua Security
Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads, regardless of where they are deployed.