LemonDuck is a cryptocurrency mining malware that infects Linux and Windows systems. The methods by which this malware spreads are numerous and varied, so caution is advised.
A computer can be infected through an email, a USB device, or malicious attacks.
“LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.” – Microsoft
According to Microsoft, this malware began in China but has since spread to the United States, Russia, France, Canada, and several other nations.
Experts warn that LemonDuck malware takes advantage of “pathogens” and flaws that have long been present on Windows and Linux computers but have yet to be fixed.
Recently observed changes in LemonDuck’s TTPs show that the group is still actively attacking enterprises. Furthermore, the group is maximising its ability to achieve its objectives. As a result, enterprises must remain vigilant against this threat and employ dependable anti-malware protections.
LemonDuck is causing more havoc than ever before. Initially, it was largely a bitcoin botnet that used infected machines to mine cryptocurrency. It subsequently began to evolve into a malware loader, which takes us to Microsoft’s most recent report on the state of the malevolent, citrus-infused digital duck.
Its primary target remains enterprise IT infrastructure, but that does not mean that ordinary home users are not at risk.