LemonDuck botnet becomes an increasingly dangerous cyber threat


Experts suggest that LemonDuck may soon turn into a Malware-as-a-Service business model.

Over the past two years, the LemonDuck cryptocurrency mining malware has evolved into a massive botnet, and its operators are now experimenting with new types of attacks on compromised networks. Microsoft's experts analysed LemonDuck and described recent developments in the malware code that allow its operators to carry out hands-on-keyboard intrusions. In such attacks the cybercriminals stop relying on automated scripts and instead log into the infected system manually to execute commands themselves.

LemonDuck was discovered by the Israeli security firm Guardicore in the first half of 2019. The botnet was originally a small operation based on classic email spam to spread malicious files and infect victims’ systems with malware. However, over the past two years, the malware has constantly received new features, and in 2020 its creators added support for network attacks. The botnet can now infect Windows and Linux systems and is equipped with a number of features that allow it to remove competing malware from infected devices, defend against attacks from competitors, and steal credentials from local systems to ensure persistence.

"There was no indication that future attacks would be in the nature of manual actions on the keyboard. LemonDuck's operators took their project seriously. Their multi-stage PowerShell scripts turned out to be more complex and convoluted than those of other criminals, and malware operators often used open source tools to carry out infection," the experts explained.

As the researchers note, LemonDuck operators have also begun installing other types of malware on infected systems, such as malware from the Ramnit family. Experts speculate that LemonDuck could evolve into a Malware-as-a-Service business model, giving other groups access to the malware.
