LemonDuck Cryptomining Malware is Targeting Linux Systems


A familiar malware has made the jump from Windows to Linux systems and is spreading via numerous routes.

LemonDuck is a targeted attack that originally exploited vulnerabilities in Microsoft's Exchange Server to run cryptocurrency mining on the compromised system. To make matters worse, LemonDuck removes other attackers' tools from a compromised device to eliminate competing malware. The campaign originally focused on China but has since begun targeting other countries (including the US, Russia, Germany, the UK, India, Korea, Canada, France, and Vietnam).

LemonDuck initially set its sights on Windows servers but has since expanded to Linux systems as well. On top of this, LemonDuck has expanded beyond crypto mining and can do things like send phishing emails, install backdoors, disable security controls, and steal credentials.

LemonDuck can spread via phishing emails, USB thumb drives, brute-force attacks, and exploitation of known security vulnerabilities.

Microsoft's 365 Defender Threat Intelligence Team had this to say about LemonDuck: "LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations."

Make sure you are tracking these CVEs, which LemonDuck is known to exploit, to keep up with the vulnerabilities involved: CVE-2017-0144 (EternalBlue), CVE-2017-8464 (LNK RCE), CVE-2019-0708 (BlueKeep), CVE-2020-0796 (SMBGhost), CVE-2021-26855 (ProxyLogon), CVE-2021-26857 (ProxyLogon), CVE-2021-26858 (ProxyLogon), and CVE-2021-27065 (ProxyLogon).
