Microsoft Warns Of Strange Malware Targeting Windows, Linux

Share post:

The LemonDuck crypto mining malware, which targets both Windows and Linux systems, spreads through phishing emails, exploits, USB devices, and brute force attacks, including attacks targeting critical on-premise Exchange Server vulnerabilities that were uncovered in March.

According to Microsoft, LemonDuck first hit China hard and has now spread to the U.S., Russia, Germany, the U.K., India, Korea, Canada, France and Vietnam. It mainly attacks computer systems in the manufacturing and IoT sectors.

LemonDuck uses automated tools to scan, detect and exploit servers before loading payloads such as the Cobalt Strike pen-testing kit – a lateral motion tool – and web shells, allowing malware to be installed in additional modules.

The group behind LemonDuck exploits high-profile security bugs by exploiting older vulnerabilities at a time when security teams are focused on fixing critical bugs and removing competing malware.

The group is said to be using Exchange bugs to mine for cryptocurrency in May, two years after it began operations.

LemonDuck got its name from the variable “Lemon _ Duck” in a PowerShell script that acts as a user agent to track compromised devices.

Vulnerabilities that could be considered for a first compromise include CVE-2017-0144 (EternalBlue), CVE-2017-8464 (LNK RCE), CVE-2019-0708 (BlueKeep), CVE-2020-0796 (SMBGhost), CVE-2021-26855 (ProxyLogon), CVE-2021-26857 (ProxyLogon), CVE-2021-26858 (ProxyLogon), and CVE-2021-27065 (ProxyLogon).

For more information, read the original story in ZDNet.


Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways