A cross-platform crypto-mining malware continues to refine and improve its techniques for striking both Windows and Linux operating systems, targeting older, unpatched vulnerabilities while latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
“LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations,” Microsoft said in a write-up published earlier this week. “Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.”
The malware is notorious for its ability to propagate rapidly across an infected network, both to facilitate information theft and to turn compromised machines into cryptocurrency mining bots by diverting their computing resources to illicit mining. LemonDuck also acts as a loader for follow-on attacks involving credential theft and the installation of next-stage implants, which can serve as a gateway to a variety of further threats, including ransomware.
Attacks incorporating LemonDuck malware have been primarily focused on the manufacturing and IoT sectors, with the U.S., Russia, China, Germany, the U.K., India, Korea, Canada, France, and Vietnam witnessing the most encounters.
Even if you have an MSP or an IT department that maintains its due diligence and uses products such as firewalls, EDR, and endpoint antivirus protection, regular patching and updates are the bare minimum needed to help keep variants like LemonDuck and its predecessor LemonCat out of your network.
For more information or support on your infrastructure and security, feel free to reach out to our Bastionpoint Sales Team at 804-612-9876 x113.