{"id":108578,"date":"2021-12-27T13:30:18","date_gmt":"2021-12-27T08:00:18","guid":{"rendered":"https:\/\/www.mapsofindia.com\/my-india\/?p=108578"},"modified":"2021-12-24T18:56:13","modified_gmt":"2021-12-24T13:26:13","slug":"know-about-the-lemon-duck-malware","status":"publish","type":"post","link":"https:\/\/www.mapsofindia.com\/my-india\/technology\/know-about-the-lemon-duck-malware","title":{"rendered":"Know about the Lemon Duck malware"},"content":{"rendered":"<p><span data-preserver-spaces=\"true\">Lemon Duck is a Monero crypto-mining malware that was first observed in China. It is an actively maintained and capable malware family that attacks both Windows and Linux systems.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">According to Microsoft, it compromises servers and uses them to mine cryptocurrency, hijacking the resources of every infected machine. It spreads quickly and can drive a compromised system to 100% resource utilisation.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Infections have been observed in many countries, including India, Vietnam, Korea, the United States, Canada, Russia, the United Kingdom, Germany and France. <\/span><span data-preserver-spaces=\"true\">Since being rebuilt as a cross-platform threat, it also steals credentials, disables security controls, spreads through email, moves laterally and drops additional tools for human-operated activity.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The infection is silent: beyond the extra CPU load, an infected machine shows no obvious symptoms. Distribution relies on Trojans, spam campaigns, illegal activation tools (&#8220;cracks&#8221;), fake updaters and untrusted download channels. 
Those spam campaigns push out thousands of fraudulent emails at a time.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">&#8220;This infrastructure is seldom seen together with edge machine compromise as an infection methodology, and is more likely to have random show names for its C2 websites, and is at all times noticed using \u201cLemon_Duck\u201d explicitly in script,&#8221; says Microsoft.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Fake updaters infect systems either by exploiting flaws in outdated or rarely updated software, or simply by installing malware in place of the promised update.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The Microsoft 365 Defender Threat Intelligence Team stated, &#8220;[LemonDuck] continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise.&#8221;<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">It added, &#8220;Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access.&#8221;<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Lemon Duck has roughly a dozen distinct initial infection vectors, more than most malware, although only its ProxyLogon exploit against Microsoft Exchange is a recent addition. 
Most of its footholds still come from Server Message Block (SMB) and Remote Desktop Protocol (RDP) password brute-forcing, exploitation of the RDP BlueKeep flaw (CVE-2019-0708) on unpatched Windows machines, and internet-of-things devices with weak or default passwords.<\/span><\/p>\n<p><strong><span data-preserver-spaces=\"true\">How to prevent the installation of malware?<\/span><\/strong><\/p>\n<p><span data-preserver-spaces=\"true\">Malware is commonly downloaded unknowingly from untrusted sources such as unofficial free file-hosting (freeware) sites, peer-to-peer networks (BitTorrent, eMule, Gnutella, etc.) and other third-party downloaders.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Use only official channels: legitimate developers provide their own tools for activation and updates. Illegitimate activation (&#8220;cracking&#8221;) tools and third-party updaters should be avoided, since they are frequently used to spread malware.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">&#8220;Web shells are pernicious. They provide attackers with a permanent backdoor into a victim\u2019s web applications and related systems, with the ability to add commands of their choice, whenever they want to, directly onto the web server, without needing to log in first,\u201d says Rajesh Natara, Sophos&#8217; senior threat researcher.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">He further says, \u201cThis version of Lemon Duck allows an attacker to copy the web shells they use and hide them in a different location \u2013 boosting the likelihood of the shells remaining unseen so they can be used again.&#8221;<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">According to him, organisations should first understand where they are exposed, then assess that exposure and act on it. 
Finally, they should deploy protections that guard against these attacks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lemon Duck is a monero crypto-mining malware that was initially discovered in China. It is a dynamic, updated and powerful malware that attacks Windows and Linux systems. According to Microsoft, it exploits different servers to use for mining cryptocurrency. Its purpose is to misuse the infected machine&#8217;s resources. Its spread is fast where the system [&hellip;]<\/p>\n","protected":false},"author":21815,"featured_media":114827,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11315,6124],"tags":[],"class_list":{"0":"post-108578","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-india","8":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/posts\/108578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/users\/21815"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/comments?post=108578"}],"version-history":[{"count":2,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/posts\/108578\/revisions"}],"predecessor-version":[{"id":114814,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/posts\/108578\/revisions\/114814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/media\/114827"}],"wp:attachment":[{"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-jso
n\/wp\/v2\/media?parent=108578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/categories?post=108578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mapsofindia.com\/my-india\/wp-json\/wp\/v2\/tags?post=108578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
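The article above names SMB and RDP password brute-forcing as Lemon Duck's main way in. The following is an added detection example, not code from the article, from Microsoft or from Sophos: it scans Windows Security failed-logon records (Event ID 4625) for two patterns, a single source hammering one account over RDP (logon type 10) and a single source spraying a few guesses across many accounts over SMB (logon type 3), which per-account lockout alone does not catch. The log lines are constructed, the pipe-delimited export layout is an assumed format rather than the native Windows event XML, and the 60-second window and thresholds are assumptions to tune for your environment.

```python
"""Flag SMB/RDP brute-forcing and password spraying in Windows 4625 records.

Added example for the article; not Microsoft, Sophos or Lemon Duck code.
Sample lines are constructed; the field layout
(time|event_id|source_ip|target_user|logon_type) is an assumed export format.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Windows logon types for the two protocols the article says Lemon Duck
# brute-forces: type 3 (network) covers SMB, type 10 covers RDP.
LOGON_TYPE_NAME = {3: "network/SMB", 10: "remote interactive/RDP"}

WINDOW = timedelta(seconds=60)  # sliding window used by both detections
BRUTE_FORCE_MIN = 5             # failures on one account from one source
SPRAY_MIN_ACCOUNTS = 4          # distinct accounts tried from one source

# Constructed sample (RFC 5737 documentation addresses), not a real capture.
SAMPLE_LOG = """\
2021-12-20T09:00:00|4625|203.0.113.7|administrator|10
2021-12-20T09:00:05|4625|203.0.113.7|administrator|10
2021-12-20T09:00:11|4625|203.0.113.7|administrator|10
2021-12-20T09:00:16|4625|203.0.113.7|administrator|10
2021-12-20T09:00:22|4625|203.0.113.7|administrator|10
2021-12-20T09:00:30|4625|203.0.113.7|administrator|10
2021-12-20T09:01:00|4624|10.0.0.5|alice|10
2021-12-20T09:02:00|4625|10.0.0.5|alice|10
2021-12-20T09:07:00|4625|10.0.0.5|alice|10
2021-12-20T09:10:00|4625|198.51.100.23|backup|3
2021-12-20T09:10:03|4625|198.51.100.23|svc_sql|3
2021-12-20T09:10:06|4625|198.51.100.23|guest|3
2021-12-20T09:10:09|4625|198.51.100.23|scanner|3
2021-12-20T09:10:12|4625|198.51.100.23|helpdesk|3
"""


def parse_failed_logons(text):
    """Sorted (time, source_ip, user, logon_type) for every 4625 record over
    SMB or RDP; successful logons (4624) and other logon types are dropped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, src, user, logon_type = line.split("|")
        logon_type = int(logon_type)
        if event_id != "4625" or logon_type not in LOGON_TYPE_NAME:
            continue
        events.append((datetime.fromisoformat(ts), src, user.lower(), logon_type))
    events.sort()
    return events


def _max_in_window(times):
    """Largest number of (sorted) timestamps that fit inside one WINDOW."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_brute_force(events):
    """One source repeatedly failing against one account: credential guessing."""
    by_target = defaultdict(list)
    for t, src, user, logon_type in events:
        by_target[(src, user, logon_type)].append(t)
    findings = []
    for (src, user, logon_type), times in sorted(by_target.items()):
        count = _max_in_window(times)
        if count >= BRUTE_FORCE_MIN:
            findings.append({"source": src, "user": user,
                             "protocol": LOGON_TYPE_NAME[logon_type],
                             "failures": count})
    return findings


def detect_password_spray(events):
    """One source trying many accounts a few times each, staying under
    per-account lockout so the brute-force check above never fires."""
    by_source = defaultdict(list)
    for t, src, user, _ in events:
        by_source[src].append((t, user))   # already in time order
    findings = []
    for src, attempts in sorted(by_source.items()):
        in_window, start, best = Counter(), 0, 0
        for t, user in attempts:
            in_window[user] += 1
            while t - attempts[start][0] > WINDOW:   # expire old attempts
                old_user = attempts[start][1]
                in_window[old_user] -= 1
                if not in_window[old_user]:
                    del in_window[old_user]
                start += 1
            best = max(best, len(in_window))
        if best >= SPRAY_MIN_ACCOUNTS:
            findings.append({"source": src, "accounts": best})
    return findings


def analyse(text):
    """Run both detections over a log export and return the findings."""
    events = parse_failed_logons(text)
    return {"brute_force": detect_brute_force(events),
            "password_spray": detect_password_spray(events)}


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

On the constructed sample, the RDP source 203.0.113.7 is reported for six failures against administrator inside one window, the SMB source 198.51.100.23 is reported for spraying five accounts, and the legitimate user on 10.0.0.5 with two failures five minutes apart produces nothing. The two detections are deliberately keyed differently: brute-forcing is counted per (source, account) pair, spraying per source across accounts, because an attacker who tunes to one check routinely trips the other.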