Microsoft Windows and Linux users are under immediate threat from LemonDuck malware. This specific threat shows how malware has evolved over the years: from infecting devices so that they do not function properly, to stealing private and personal data and demanding ransom, and now to earning attackers money in the form of cryptocurrency from their victims. Microsoft has now warned users that a well-known cross-platform malware that runs cryptocurrency mining software on victims’ computers is escalating its operations.
Rise in threat perception: Microsoft recently detailed the LemonDuck malware and its nefarious designs in a post on its Microsoft Security blog by the Microsoft 365 Defender Threat Intelligence team. The malware is capable of infecting both Windows and Linux systems and can spread very rapidly across any network to propagate itself on other computers. It can also enable further attacks that steal users’ credentials or even install ransomware and other threats.
Malware vs Malware: The malware has been active for the past two years and has evolved and grown even more resilient since then, according to Microsoft. In fact, the malware can even destroy other malware on the system. Microsoft says that the malware also prevents any new infections by “patching” the same vulnerabilities it used to gain access. A cryptocurrency miner is software used to earn decentralised digital currency (like Bitcoin) by solving a computational problem; running the software on millions of computers could be quite profitable for hackers.
Microsoft illustrates the attack chain from the LemonDuck and LemonCat infrastructures. (Microsoft Security Blog)
What LemonDuck malware does and things users must be aware of: “Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity,” Microsoft explained in the blog, adding that countries like the United States, Russia, China, Germany, the United Kingdom, India, Korea, Canada, France, and Vietnam have seen the most infections so far.
New malware rising: Microsoft also details a second malware variant, which it has termed LemonCat, that can be used for more dangerous purposes. LemonCat could have emerged at the start of this year, which means it is a relatively new attack infrastructure. However, Microsoft says that it could have been used to target its Microsoft Exchange Server, which could have led to the installation of backdoors, credential theft and even the delivery of malware.
What users can do to protect themselves from LemonDuck malware: To stay protected from this malware, users must make sure their antivirus software (usually Microsoft Defender) is always up to date. They must also be wary of installing software from sources outside of the Microsoft Store or opening attachments from unknown senders, as these are common sources of infection by malware like LemonDuck.