25. July 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

LemonDuck began as a cryptocurrency-mining botnet that used compromised machines to mine coins, but it has since been reworked into a malware loader, which is what prompted Microsoft's current update on this malicious, citrus-flavoured duck.

Microsoft warns that LemonDuck's crypto-mining malware targets both Windows and Linux, and spreads through phishing emails, exploits, USB devices, brute-force attacks, and exploitation of the serious Exchange Server vulnerabilities disclosed in March.

In May, two years after the botnet first appeared, the group was found to be exploiting those Exchange bugs to mine cryptocurrency.

Notably, while security teams are busy patching severe flaws and even removing rival malware, the group behind LemonDuck exploits the same high-profile vulnerabilities and, once inside, evicts competing malware and closes the hole it came through so that rivals cannot follow.

The consequences of a LemonDuck infection can be serious. According to Microsoft, its capabilities include stealing credentials from Windows and Linux machines, removing security controls so the system is left defenceless, spreading via email (most likely spearphishing), and re-establishing itself on devices through backdoors that allow further remote code execution (RCE).

Malware researchers from Cisco's Talos have also examined the group's Exchange activity. They observed that before loading payloads such as the Cobalt Strike pentesting

[…]

Read the original article: LemonDuck Targets Windows and Linux Systems