Skip to main content

Microsoft Details LemonDuck and LemonCat Monero-Mining Malware

posted onJuly 26, 2021
by l33tdawg
Flickr
Credit: Flickr

The Microsoft 365 Defender Threat Intelligence Team on Thursday published a detailed look at the LemonDuck and LemonCat malware used to mine the Monero cryptocurrency, among other things, after gaining access to vulnerable devices.

Microsoft said devices in "the United States, Russia, China, Germany, the United Kingdom, India, Korea, Canada, France, and Vietnam" are most frequently affected by LemonDuck. The malware exploits vulnerabilities in both Windows and Linux, too, which helps it cast as wide a net as possible in its search for potential victims.

LemonDuck isn't a novel threat—it's been active since at least 2019. Security companies like Trend Micro and Cisco Talos have followed it in the months since. Starting in January, however, there appeared to be two different versions of the malware that shared many characteristics but diverged in several notable ways. Microsoft said it's "aware of two distinct operating structures, which both use the LemonDuck malware but are potentially operated by two different entities for separate goals." It decided to keep the LemonDuck moniker for the first operating structure, but for the second, it decided a new name was in order. Meet LemonCat.

Source

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th