[MART] - Daily Diary #312 - LemonDuck, a Cross-Platform Malware

CTAS-MAT ctas-mat at appgate.com
Mon Jul 26 22:45:26 UTC 2021


Hello,


I hope everyone is doing well!


Below is the entry for today.


07/26/2021 - Diary entry #312:


LemonDuck is a cross-platform crypto-mining malware. It targets Microsoft Windows and Linux operating systems and has the ability to spread itself across an infected network. This threat can also act as a loader to execute another payload, such as ransomware and information stealers.


First spotted in China in 2019, LemonDuck evolved quickly, using COVID-19 subjects in spam campaigns and targeting unpatched systems, luring victims into downloading a fake patch update for common and known security vulnerabilities.


This threat has the interesting capability of removing competing malware detected on infected machines, such as other crypto-miners, and patching the flaws used to first gain access. Besides that, it can steal credentials, move laterally, spread spam emails and turn the machines into cryptocurrency mining bots.



Kind Regards,





Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 11 97467 9549
