Warning about the LemonDuck crypto mining malware which is targeting both Windows and Linux systems

0
22
blank

Microsoft is warning customers about the which is targeting both Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks. If left unchecked, it can turn every resource from USB devices to emails into cryptocurrency mining slaves. LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access. According to Microsoft, LemonDuck initially hit China heavily, but it has now expanded to the US, Russia, , the UK, India, Korea, Canada, France, and Vietnam. The vulnerabilities it targets for initial compromise include CVE-2017-0144 (EternalBlue), CVE-2017-8464 (LNK RCE), CVE-2019-0708 (BlueKeep), CVE-2020-0796 (SMBGhost), CVE-2021-26855 (ProxyLogon), CVE-2021-26857 (ProxyLogon), CVE-2021-26858 (ProxyLogon), and CVE-2021-27065 (ProxyLogon). LemonDuck attempts to run a script that utilizes the credentials present on the device. The script instructs the mailbox to send copies of a phishing message with preset messages and attachments to all contacts,” Microsoft notes. The Microsoft 365 team says it is taking this threat seriously because of LemonDuck’s ability to constantly evolve.

blank

Malware authors continue to take advantage of the coronavirus pandemic to propagate threats.Microsoft researchers say LemonDuck’s standard email subjects and body content can include jarring phrases like “The Truth of COVID-19” or seemingly out-of-place phrases like “farewell letter” or “good bye.” Below are the email subjects that could be used by the mailer script:
• “The Truth of COVID-19” – “Virus actually comes from United States of America”
• “COVID-19 nCov Special info WHO” – “very important infomation for Covid-19 see attached document for your action and discretion.”
• “HALTH ADVISORY:CORONA VIRUS” – “the outbreak of CORONA VIRUS is cause of concern especially where forign personal have recently arrived or will be arriving at various intt in near future. see attached document for your action and discretion.”
• “WTF” – “what’s wrong with you?are you out of your mind!!!!!”
• “What the fcuk” – “are you out of your mind!!!!!what ‘s wrong with you?”
• “good bye” – “good bye, keep in touch”
• “farewell letter” – “good bye, keep in touch”
• “broken file” – “can you help me to fix the file,i can’t read it”
• “This is your order?” – “file is brokened, i can’t open it”

LEAVE A REPLY

Please enter your comment!
Please enter your name here