What Is LemonDuck? Cross-Platform Mining Malware That Impacts Windows and Linux

This worrying malware is spreading across Windows and Linux devices, which means nobody is safe. Here's what you need to know.

The world of cybersecurity is evolving at a rapid pace. New and more sophisticated attacks are emerging every day. Although most of these threats have been patched, some have been crawling around the internet for much longer. LemonDuck is one such example.

It is cross-platform malware that targets Windows and Linux devices and acts as an entry point for other malicious tools. What exactly is LemonDuck? How does it work?

What is LemonDuck malware?

LemonDuck is robust malware that targets Windows and Linux devices, as well as edge devices such as Wi-Fi routers. It has been active since 2019 and continues to infect devices for various purposes. Aside from standard cryptomining activity, LemonDuck also steals credit card information, disables security rules, and installs tools for hands-on-keyboard attacks.

The malware gets its name from the variable "Lemon_Duck", which is present in most of its scripts. This variable is normally used to set the user agent during botnet connections.
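Because that user-agent marker shows up in the botnet's HTTP traffic, a defender can hunt for it in web or proxy logs. The script below is an added example, not code from the article: it parses constructed lines in the common "combined" access-log format (an assumed log layout) and groups every request whose user agent contains the marker by source address.

```python
import re
from collections import defaultdict

# Constructed "combined" format access-log lines. The "Lemon_Duck" marker comes
# from the article; the addresses, timestamps and paths are made up for the demo.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2021:10:14:03 +0000] "GET /update.txt HTTP/1.1" 200 512 "-" "Lemon_Duck/1.0"
10.0.0.7 - - [12/Aug/2021:10:14:09 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (Windows NT 10.0)"
10.0.0.5 - - [12/Aug/2021:10:15:11 +0000] "POST /report HTTP/1.1" 200 88 "-" "lemon_duck"
10.0.0.9 - - [12/Aug/2021:10:16:42 +0000] "GET /ok.php HTTP/1.1" 404 0 "-" "curl/7.68.0"
"""

# Assumed log layout: source, ident, user, [timestamp], "request", status, size,
# "referer", "user agent". Adjust the pattern if your proxy logs differently.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

MARKER = "lemon_duck"


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_suspect_ua(ua):
    # Case-insensitive so "Lemon_Duck" and "lemon_duck" variants are both caught.
    return MARKER in ua.lower()


def find_hits(log_text):
    """Map each source address to the (timestamp, request, user agent) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than aborting the hunt
        if is_suspect_ua(rec["ua"]):
            hits[rec["src"]].append((rec["ts"], rec["req"], rec["ua"]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_hits(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} request(s) with a LemonDuck user agent")
        for ts, req, ua in events:
            print(f"  {ts}  {req!r}  UA={ua!r}")
```

Any source that shows up in the output is a host worth isolating and examining for the mining and credential-theft components the article describes.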

How does LemonDuck infect the IT infrastructure?

What sets LemonDuck apart from other mining malware is that it survives security patching. It uses various distribution methods, including phishing emails, USB drives, and older but still active exploits. In addition, once a system is infected, LemonDuck patches the same vulnerability it used to gain access, which locks out competing malware.

It has also started using more advanced command-and-control (C2) infrastructure and increased lateral movement. A key feature of the LemonDuck malware is that it runs smart and successful campaigns. It gains access either by compromising edge devices or through bot-driven email infections.

Once inside, LemonDuck scans the Linux or Windows host's network for exposed or weakly secured SMB, SQL, RDP, Hadoop, or Exchange services. It then tries to exploit them to spread to other devices.


How to protect your Windows or Linux device from LemonDuck

It's difficult to protect yourself from sophisticated botnets. LemonDuck uses many old vulnerabilities to gain access, so keep up with your security updates to make sure you are protected from readily available exploits.

Since LemonDuck spreads successfully via phishing emails, you should check all email attachments for malware before or immediately after downloading them.


About the author

Rubaiat Hossain

Rubaiat is a CS graduate with a strong passion for open source. Aside from being a Unix veteran, he's also into network security, cryptography, and functional programming. He is a passionate collector of used books and has an endless admiration for classic rock.
