LemonDuck malware

Microsoft issues warning against cryptocurrency malware ‘LemonDuck’

LemonDuck malware
Source: Talos Blog – Cisco Talos

Cryptocurrency mining has become a lucrative business in recent years, and that makes idle computing power a target in its own right. Until now, malware and hacker groups mostly broke into individual systems and companies to steal data and then demand a ransom in return; now, unfortunately, a new cryptocurrency malware is looking for ways to ravage Windows and Linux systems, installing unwanted mining software on them without the owner's consent.

Microsoft is warning its users about one such cryptocurrency malware, called ‘LemonDuck’, which installs unwanted mining software on unsuspecting Windows and Linux systems, forcing them to mine cryptocurrency without the victim knowing about it and, obviously, without the victim seeing a penny of the resulting revenue.

According to the Microsoft 365 Defender Threat Intelligence Team, LemonDuck enters target machines through multiple infection vectors and then begins mining cryptocurrency. As reported by HotHardware, Microsoft confirms that LemonDuck does not target just one operating system: its main victims are Windows and Linux-based computers.

As noted above, LemonDuck has more than one way into a target computer: USB thumb drives, phishing emails, brute-force attacks, and security exploits. Once inside, it goes on to exploit further vulnerabilities on the compromised system.

According to HotHardware, Microsoft states that LemonDuck can also infect additional computers through “edge-initiated” compromises, bot-driven email campaigns, and lateral movement across the network. That combination of entry points is what makes it so dangerous: a single foothold on one machine can turn into an infection of the whole environment.

The Microsoft 365 Defender Threat Intelligence Team says that once LemonDuck is inside a target computer it accesses the user's Outlook mailbox as part of its normal post-exploitation behaviour, using the user's credentials already present on the device. The next step is to send copies of a phishing message, with preset text and attachments, to all of the user's contacts without their knowledge. Once these phishing emails have gone out through the victim's Outlook mailbox, the malware removes all traces of them from the system, as if the user had never sent them.

This self-spreading behaviour makes LemonDuck especially dangerous and calls for prompt remediation. The messages go out through the victim's own Outlook mailbox regardless of the Exchange Server behind it, so they arrive as ordinary mail from a known contact.

Sources suggest that LemonDuck initially targeted China and is now spreading rapidly across India, the United Kingdom, the United States, Korea, Canada, France, Germany, and Vietnam. The motive behind the campaign is to mine Monero, as mentioned in the HotHardware report.

Microsoft is urging its users to deploy Microsoft 365 Defender security solutions to detect and block LemonDuck on their Windows and Linux computers.