LemonDuck has been publicly active since May 2019, when it was first seen in China. The rapidly evolving malware has since spread to many other countries. Once inside a target, it can also evict any other threat actor already present on the compromised system.
The malware targets both Windows and Linux systems to hijack their computing resources for cryptocurrency mining. LemonDuck has become known for how quickly it spreads across platforms to maximize the reach of its attacks.
The malware was highlighted in a recent Microsoft blog post, which describes LemonDuck as an “actively updated and robust malware.” It is known for its botnet and cryptocurrency-mining activity. Once it enters a system, LemonDuck installs cryptocurrency-mining tools that use the machine's processing power to mine cryptocurrency illicitly.
The malware has since evolved to steal credentials, remove security controls, and penetrate deeper into the system so that the threat actor can deploy more complex tools. Moreover, it can infect both Linux and Windows devices, a rare property. Microsoft therefore regards it as a serious threat to enterprise environments, where both operating systems commonly run side by side.
Along with new or widely publicized vulnerabilities, LemonDuck also targets older vulnerabilities in these systems. This benefits the threat actor when defenders are busy patching a high-profile vulnerability instead of investigating whether they have already been compromised through an older one.
Once it has entered the system, the malware patches the very vulnerabilities it exploited to gain access. LemonDuck thereby prevents other attackers from infecting the same system through the same holes, and it even removes other malware already present on the infected device. This leaves the attacker with exceptional, and hidden, control over the device.
LemonDuck uses various ways to reach a new target. It can spread through phishing emails, exploits, USB devices, and the like. Microsoft has even observed the operators spreading the malware through COVID-19-themed email campaigns.
LemonDuck was first observed active in China in May 2019. Since then it has spread to many other countries, with the United States, India, Korea, Canada, Russia, China, Germany, the United Kingdom, France, and Vietnam as the most active zones. The malware mainly targets enterprises in the manufacturing and IoT sectors, which typically own many computers and hence a great deal of processing power.
According to Prakash Bell, who heads Customer Success at Check Point Software Technologies, “Signature-based security technologies such as antivirus and intrusion prevention systems (IPS) can only sustain that many signatures based on the current threat landscape. Detection technologies are too limited in stopping such threats, esp. when they are also cross-platform.”
Stopping such attacks therefore requires more thorough checks than signature matching alone. Microsoft says it provides such protection through Microsoft 365 Defender, and Check Point makes a similar claim for its own products. In the meantime, ordinary PC users are advised to follow basic security hygiene: install applications only from trusted sources and avoid falling for phishing emails.