Microsoft has issued a security alert to customers about a new crypto mining virus. The new virus may steal passwords, disable security measures, propagate through emails. Moreover, they can eventually drop additional tools for human-operated activities.
Lemon Duck
The crypto mining virus known as ‘LemonDuck’ targets Windows and Linux systems. It also spreads through phishing emails, vulnerabilities, USB devices, and brute force assaults in many countries, including India.
Microsoft 365 Defender Threat Intelligence Team warned:
“LemonDuck’s threat to enterprises is also in the fact that it’s a cross-platform threat. It’s one of few documented bot malware families that target Linux systems as well as Windows devices.”
Lemon Duck’s Hazards
The virus can swiftly take advantage of news, events, or the availability of new flaws to execute effective campaigns.
“For example, in 2020, it was observed using Covid-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems,” Microsoft notified.
Additionally, even newly discovered or widely utilized vulnerabilities do not limit this hazard. It exploits earlier issues, which assist attackers by diverting attention to fixing a popular flaw rather than investigating a breach.
“Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access,” said the company.
The Spread of the virus
LemonDuck’s early activities mainly focused on China. However, it has now grown to encompass the United States, India, Russia, China, Germany, the United Kingdom, Korea, Canada, France, and Vietnam.
“Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilizes the credentials present on the device,” explained the Microsoft team.
The script tells the mailbox to send all contacts copies of a phishing letter with pre-programmed messages and attachments.
Security Measures Taken
Security measures that rely on identifying if receiving an email from a questionable sender don’t apply because of this form of contact messaging.
“This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls,” the company suggested.
Last Monday, US President Joe Biden’s administration issued a public statement condemning China’s role in cybercrime. Biden accused China of running a large global operation of “state-sponsored activities” that has cost victims billions of dollars.
All 30 NATO allies and the European Union, Australia, New Zealand, and Japan, united in condemning Beijing. Thus, showing the significant global consequences.
