Security News > 2021 > July > Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
"LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations," Microsoft said in a technical write-up published last week.
Another tactic of note is its ability to erase "Other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access."
Attacks incorporating LemonDuck malware have been primarily focused on the manufacturing and IoT sectors, with the U.S, Russia, China, Germany, the U.K., India, Korea, Canada, France, and Vietnam witnessing the most encounters.
Microsoft outed the operations of a second entity that relies on LemonDuck for achieving "Separate goals", which the company codenamed "LemonCat." The attack infrastructure associated with the "Cat" variant is said to have emerged in January 2021, ultimately leading to its use in attacks exploiting vulnerabilities targeting Microsoft Exchange Server.
Subsequent intrusions taking advantage of the Cat domains resulted in backdoor installation, credential, and data theft, and malware delivery, often a Windows trojan called Ramnit.
News URL
Related news
- Microsoft fixes Linux boot issues on dual-boot Windows systems (source)
- Microsoft open-sources Windows Subsystem for Linux at Build 2025 (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)