Microsoft alerted its customers about a cryptomining malware threat named LemonDuck, which is targeting both Windows and Linux systems.
What has happened?
According to researchers, the group behind the LemonDuck malware was found abusing Exchange bugs to mine for cryptocurrency in May.
It is spreading via phishing emails, USB devices, brute force attacks, and exploits.
It first targeted China and subsequently spread to other countries such as the U.S., Canada, Russia, India, the U.K., Korea, Vietnam, France, and Germany, while focusing on the IoT and manufacturing sectors.
Attack techniques
The malware targets older vulnerabilities at a time when industries are more focused on patching new, popular vulnerabilities.
It attempts to remove competing malware from an infected device and patches the vulnerabilities it abused to gain access.
Moreover, the malware used automated tools for scanning, detecting, and exploiting servers before deploying payloads to install other modules.
Earlier this year, the LemonDuck gang shifted its tactics, moving to manual hacking in the later stage of its attacks.
Conclusion
Experts say LemonDuck is a versatile threat targeting top companies in the manufacturing and IoT sectors worldwide. The recent upgrades in this cross-platform threat indicate that its developers are determined to make a dent in the current threat landscape.