Microsoft Warns Of Strange Malware Targeting Windows, Linux

Share post:

The LemonDuck crypto mining malware, which targets both Windows and Linux systems, spreads through phishing emails, exploits, USB devices, and brute force attacks, including attacks targeting critical on-premise Exchange Server vulnerabilities that were uncovered in March.

According to Microsoft, LemonDuck first hit China hard and has now spread to the U.S., Russia, Germany, the U.K., India, Korea, Canada, France and Vietnam. It mainly attacks computer systems in the manufacturing and IoT sectors.

LemonDuck uses automated tools to scan, detect and exploit servers before loading payloads such as the Cobalt Strike pen-testing kit – a lateral motion tool – and web shells, allowing malware to be installed in additional modules.

The group behind LemonDuck exploits high-profile security bugs by exploiting older vulnerabilities at a time when security teams are focused on fixing critical bugs and removing competing malware.

The group is said to be using Exchange bugs to mine for cryptocurrency in May, two years after it began operations.

LemonDuck got its name from the variable “Lemon _ Duck” in a PowerShell script that acts as a user agent to track compromised devices.

Vulnerabilities that could be considered for a first compromise include CVE-2017-0144 (EternalBlue), CVE-2017-8464 (LNK RCE), CVE-2019-0708 (BlueKeep), CVE-2020-0796 (SMBGhost), CVE-2021-26855 (ProxyLogon), CVE-2021-26857 (ProxyLogon), CVE-2021-26858 (ProxyLogon), and CVE-2021-27065 (ProxyLogon).

For more information, read the original story in ZDNet.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways