LemonDuck has been spread through phishing emails, exploits, and USB devices, and Windows and Linux users have been warned. Microsoft had a few words to say about the potential harm.
LemonDuck has been in China since May of this year.
The malware has spread to a number of other countries, and its functionality is rapidly evolving. It can remove other threat actors from the system it targets.
Malware has been discovered that mines cryptocurrency on Windows and Linux operating systems. LemonDuck malware is gaining a bad reputation for its attack potential as a result of its ability to spread quickly across multiple platforms.
Microsoft recently published a blog post about the ever-changing threat. LemonDuck, described as “actively updated and robust malware,” is best known for its botnet and cryptocurrency mining activities, according to the post. LemonDuck can install cryptocurrency mining tools on a system in order to illegally mine cryptocurrency.
The malware has evolved to steal credentials, disable security controls, and spread deep into a system using more sophisticated tools. It is unusual for malware to infect both Linux and Windows devices. According to Microsoft, this is a serious threat to enterprise environments where both operating systems are typically used in tandem.
LemonDuck is designed to exploit both old and new vulnerabilities in these systems. When developers are focused on patching new or popular vulnerabilities rather than investigating compromise, threat actors are able to use the malware successfully.
After gaining access, LemonDuck fixes the vulnerabilities it used to get into the system. By doing so, it keeps its target system safe from infection from any other source. It also removes any other malware that may be present on a compromised device. While remaining hidden, the attacker now has unprecedented control over the infected device.
LemonDuck gains access to a new target via a variety of channels: phishing emails, exploits, and USB devices are all used to spread it. Microsoft has even discovered instances of Covid-19-themed email attacks being used to spread the malware.
According to Check Point Software Technologies’ Customer Success Director Prakash Bell, based on the current threat landscape, antivirus and intrusion prevention systems (IPS) can only keep so many signatures. This is especially true for difficult-to-detect cross-platform threats.
As a result, comprehensive safeguards must be implemented to prevent such attacks from occurring in the first place. Microsoft promises to provide this level of protection with Microsoft 365 Defender, and Check Point asserts the same thing. Until then, PC users should take basic online security precautions, such as using only applications from trusted sources and avoiding spam emails.