Microsoft warns customers of new crypto mining malware targeting Windows, Linux systems
New Delhi: Microsoft has warned customers about a new crypto mining malware called 'LemonDuck', that is targeting Windows and Linux systems, spreading via phishing emails, exploits, USB devices and brute force attacks in various countries, including India.
"LemonDuck's threat to enterprises is also in the fact that it's a cross-platform threat. It's one of a few documented bot malware families that targets Linux systems as well as Windows devices," warned Microsoft 365 Defender Threat Intelligence Team.
The malware can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.
"For example, in 2020, it was observed using Covid-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems," Microsoft informed.
This threat, however, does not limit itself to new or popular vulnerabilities. It continues to use older vulnerabilities, which benefits the attackers at times when defenders' focus shifts to patching a popular vulnerability rather than investigating compromise.
"Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access," said the company.
"Once inside a system with an Outlook mailbox, as part of its normal exploitation behaviour, LemonDuck attempts to run a script that utilises the credentials present on the device," the Microsoft team said.
"This means that email security policies that reduce scanning or coverage for internal mail need to be re-evaluated, as sending emails through contact scraping is very effective at bypassing email controls," the company suggested.
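The point Microsoft makes above is that mail sent from an already-compromised internal mailbox to scraped contacts looks like ordinary internal traffic and can slip past controls that only scan inbound or external mail. One defender-side check that does not depend on the message content is to watch for an internal sender that suddenly fans out attachment-bearing messages to many distinct internal recipients in a short window. The script below is an added illustration written for this article, not code from Microsoft or from any LemonDuck analysis; the log format, the `corp.example` domain, the thresholds and all sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-gateway log (not real data). One message per line:
# <timestamp> <sender> <recipient> attachment=<yes|no>
SAMPLE_LOG = """\
2021-07-22T09:00:01Z alice@corp.example bob@corp.example attachment=no
2021-07-22T09:05:10Z carol@corp.example dave@corp.example attachment=yes
2021-07-22T10:12:00Z mallory@corp.example u1@corp.example attachment=yes
2021-07-22T10:12:20Z mallory@corp.example u2@corp.example attachment=yes
2021-07-22T10:12:40Z mallory@corp.example u3@corp.example attachment=yes
2021-07-22T10:13:00Z mallory@corp.example u4@corp.example attachment=yes
2021-07-22T10:13:20Z mallory@corp.example u5@corp.example attachment=yes
2021-07-22T10:13:40Z mallory@corp.example u6@corp.example attachment=yes
2021-07-22T10:30:00Z mallory@corp.example partner@external.example attachment=yes
"""

# Assumed internal mail domains; only internal-to-internal traffic is counted,
# because that is the traffic the reduced-scanning policy would miss.
INTERNAL_DOMAINS = {"corp.example"}


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, sender, rcpt, att = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "sender": sender,
        "rcpt": rcpt,
        "attachment": att == "attachment=yes",
    }


def is_internal(address, domains=INTERNAL_DOMAINS):
    return address.rsplit("@", 1)[-1].lower() in domains


def find_internal_fanout(lines, window=timedelta(minutes=5), min_recipients=5):
    """Return {sender: peak_distinct_recipients} for internal senders that
    delivered attachment-bearing mail to at least `min_recipients` distinct
    internal recipients within any sliding window of length `window`."""
    events = sorted(
        (parse_line(ln) for ln in lines if ln.strip()), key=lambda e: e["ts"]
    )
    by_sender = defaultdict(list)
    for e in events:
        if e["attachment"] and is_internal(e["sender"]) and is_internal(e["rcpt"]):
            by_sender[e["sender"]].append(e)

    flagged = {}
    for sender, evs in by_sender.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it covers at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = {ev["rcpt"] for ev in evs[start:end + 1]}
            if len(distinct) >= min_recipients:
                flagged[sender] = max(flagged.get(sender, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for sender, peak in find_internal_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"review mailbox {sender}: {peak} distinct internal recipients "
              f"with attachments inside a 5-minute window")
```

In the constructed log, `carol` sends a single attachment and is not flagged, while `mallory` reaches six distinct internal recipients within two minutes and is. The external recipient is deliberately ignored so the alert reflects only the internal path the article warns about; in a real deployment the thresholds would be tuned against each organisation's normal internal mail volume.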
Meanwhile, US Secretary of State Antony Blinken said that the US and its allies had "formally confirmed" that China's Ministry of State Security (MSS) used the vulnerabilities in the Microsoft Exchange Server "in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims."