Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
"LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations," Microsoft said in a technical write-up published last week.
Another tactic of note is its ability to erase "other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access."
Attacks incorporating LemonDuck malware have been primarily focused on the manufacturing and IoT sectors, with the U.S., Russia, China, Germany, the U.K., India, Korea, Canada, France, and Vietnam witnessing the most encounters.
Microsoft outed the operations of a second entity that relies on LemonDuck for achieving "separate goals," which the company codenamed "LemonCat." The attack infrastructure associated with the "Cat" variant is said to have emerged in January 2021, ultimately leading to its use in attacks exploiting vulnerabilities in Microsoft Exchange Server.
Subsequent intrusions taking advantage of the Cat domains resulted in backdoor installation, credential and data theft, and malware delivery, often of a Windows trojan called Ramnit.