LemonDuck Malware

What is LemonDuck Malware, What Makes it Dangerous and How Does it Operate?

Recently, Microsoft highlighted the evolution of LemonDuck and the key dangers it poses. Originally cryptocurrency-mining malware, LemonDuck has evolved into a broader cybersecurity threat: it steals credentials, removes security controls, and spreads itself via emails, among other things, putting your personal information at risk.

Stay clear of suspicious emails:

The LemonDuck malware has been spread via emails. These mails have subject lines such as “The Truth of COVID-19”, “COVID-19 nCov Special info WHO”, “good bye”, “farewell letter” and “broken file”, among others.

So what is this malware, what threat does it pose, and why is it so dangerous? Below is everything you need to know about the LemonDuck malware:

What is the LemonDuck malware?

The LemonDuck malware is malicious code that makes unwanted, usually dangerous changes to your system. LemonDuck removes security controls and steals credentials. It spreads via emails and moves laterally, ultimately dropping more tools for hands-on-keyboard operations carried out by human operators.

According to Microsoft’s blog, this malware is a cross-platform threat and is among the few documented bot malware families that target both Windows systems and Linux-based machines.

Ironically, this malware is smart enough to remove other malware from a compromised device; it does so to eliminate any competition on the device.

Locations LemonDuck reached:

The United States, Russia, China, Germany, the United Kingdom, India, Korea, Canada, France, and Vietnam.

How LemonDuck malware spreads:

LemonDuck is known to spread in numerous ways. The malware can replicate itself via fake phishing emails and via USB devices such as flash drives, in addition to using various exploits and brute-force attacks.

The darker part of this is its capability to quickly take advantage of news, events, and even the release of new exploits to run effective campaigns.

Last year, the malware took advantage of the global COVID threat to lure people into opening its infected mails. It also exploited newly patched Exchange Server vulnerabilities in order to gain access to systems that had not yet been updated.

How does the LemonDuck malware operate?

Microsoft researchers are aware of two distinct operating structures that both use the LemonDuck malware but are potentially operated by two different entities for separate goals.

Microsoft said, “This infrastructure is seldom seen in conjunction with edge device compromise as an infection method, and is more likely to have random display names for its C2 sites, and is always observed utilizing ‘Lemon_Duck’ explicitly in script”.
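The two detection hooks this post mentions (the known phishing subject lines listed above and the literal “Lemon_Duck” string that Microsoft observed in the second infrastructure’s scripts) can be turned into a simple triage filter. The following is an added example written for this page, not code from Microsoft or from the original post; the sample messages and script snippets are constructed, and the function names are hypothetical.

```python
"""Triage filter for the LemonDuck indicators described in the post (added example).

Two checks are implemented:
  1. Email subject lines matched, case- and whitespace-insensitively, against the
     subject lines the post lists as used by LemonDuck phishing mail.
  2. Script bodies searched for the literal token "Lemon_Duck", which Microsoft
     reported seeing explicitly in the scripts of one LemonDuck infrastructure.
"""
import re

# Subject lines quoted in the post (a real list; matching is normalised below).
LEMONDUCK_SUBJECTS = (
    "The Truth of COVID-19",
    "COVID-19 nCov Special info WHO",
    "good bye",
    "farewell letter",
    "broken file",
)

# Literal script marker quoted from Microsoft's description.
LEMONDUCK_SCRIPT_MARKER = "Lemon_Duck"


def _normalise(subject: str) -> str:
    """Lower-case and collapse whitespace so 'Good  Bye ' still matches 'good bye'."""
    return re.sub(r"\s+", " ", subject).strip().lower()


_NORMALISED_SUBJECTS = {_normalise(s) for s in LEMONDUCK_SUBJECTS}


def subject_matches(subject: str) -> bool:
    """True if a mail subject exactly equals one of the known lure subjects."""
    return _normalise(subject) in _NORMALISED_SUBJECTS


def script_has_marker(script_text: str) -> bool:
    """True if the script body contains the literal 'Lemon_Duck' token."""
    return LEMONDUCK_SCRIPT_MARKER in script_text


def triage_mail(messages):
    """Return the ids of messages whose subject matches a known lure.

    `messages` is an iterable of dicts with at least 'id' and 'subject' keys
    (a hypothetical shape chosen for this example).
    """
    return [m["id"] for m in messages if subject_matches(m.get("subject", ""))]


# Constructed sample input: three mails, two of which use lure subjects.
SAMPLE_MAIL = [
    {"id": "m1", "subject": "Quarterly budget review"},
    {"id": "m2", "subject": "  Farewell  Letter"},
    {"id": "m3", "subject": "COVID-19 nCov Special info WHO"},
]

# Constructed sample scripts: one benign, one carrying the marker string.
SAMPLE_SCRIPTS = {
    "backup.ps1": "Copy-Item C:\\data D:\\backup -Recurse",
    "update.ps1": "# Lemon_Duck stage script (constructed sample)\nWrite-Host hi",
}


def triage_scripts(scripts):
    """Return the names of scripts that contain the marker."""
    return [name for name, body in scripts.items() if script_has_marker(body)]


if __name__ == "__main__":
    print("Suspicious mail:", triage_mail(SAMPLE_MAIL))
    print("Suspicious scripts:", triage_scripts(SAMPLE_SCRIPTS))
```

The subject match is deliberately exact after normalisation rather than a substring search, so that ordinary mail containing the word “file” is not flagged; the script marker, by contrast, is a substring check because the token is distinctive enough on its own. Either hit should be treated as a prompt for investigation, not as a conviction.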

How to stay safe?

Protecting yourself against malware like LemonDuck takes more than protecting your system with tools such as Microsoft 365 Defender. Checking and scanning USB drives frequently is also a good way to stay clear of the threat.
