Crypto malware LemonDuck targeting Windows, Linux devices

LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that victimized hokey systems for Monero mining.

According to a new news report from Microsoft 365 Shielder Threat Intelligence Squad, a revamped version of LemonDuck crypto-mining malware is now targeting Windows and Linux devices.

The malware lets terror actors insert backdoors, slip credentials, and conduct a range of malicious activities on the infected systems. This malware is facing pages via exploits, phishing emails, USB devices, and brute military unit attacks in different countries.

"LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's combined of a few documented bot malware families that mark Linux systems every bit well as Windows devices," warned Microsoft.

Malware Can Consumption Unexampled Exploits

Reported to researchers, the threat actors fanny LemonDuck malware can take advantage of inexperienced exploits near immediately and effectively running game co campaigns. E.g., they used COVID-19 themed lures  in electronic mail-based attacks in 2020. This year, they are keen on exploiting Multiple sclerosis Exchange Server flaws  to access unpatched systems.

Lemonduck's email sample (Image: Microsoft)

Imag: ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices

LemonDuck is currently targeting users in China, merely it is quickly expanding its malicious activities to the USA, Germany, the United Kingdom, France, Russia, India, Korea, Vietnam, and Canada.

Evolution of LemonDuck

LemonDuck was first discovered in China in 2019 arsenic a cryptocurrency botnet that used affected systems for Monero minelaying. However, it has considerably evolved and has become a highly sophisticated malware strain, Microsoft researchers said in a blog post.

Moreover, the malware activities aren't controlled to crypto mining anymore as it can effortlessly carry out serious surety breaches on vulnerable systems. Approximately of the new-sprung features added to LemonDuck over time let in backdooring, winder certificate theft, disabling security controls, scattering through phishing emails, and making computers vulnerable to new attacks.

Its capability of targeting both Windows and Linux machines has ready-made it more critical than new malware strains unfashionable there.

Lemonduck's attack range (Prototype: Microsoft)

LemonDuck also exploits old vulnerabilities

Interestingly, apart from using new exploits, LemonDuck can successfully exploit cold flaws and helps attackers stay unobserved. Microsoft has ascertained that LemonDuck is on a regular basis exploiting the favorable security vulnerabilities.

CVE-2019-0708 (BlueKeep)

CVE-2017-0144 (EternalBlue)

CVE-2020-0796 (SMBGhost)

CVE-2017-8464 (LNK RCE)

CVE-2021-27065 (ProxyLogon)

CVE-2021-26855 (ProxyLogon)

CVE-2021-26857 (ProxyLogon)

CVE-2021-26858 (ProxyLogon)

"Notably, LemonDuck removes early attackers from a compromised device by getting eliminate competing malware and preventing any brand-new infections away patching the Same vulnerabilities IT wont to advance admittance," researchers wrote.

Did you enjoy reading this clause? Like our page on Facebook and survey us on Chirrup.

Source: https://www.hackread.com/crypto-malware-lemonduck-windows-linux-devices/

Posted by: murraybrounrave.blogspot.com

Share this post