The crypto mining malware that drew attention a few years ago is on the rise again, targeting older vulnerabilities that may not have been closely investigated by the security community on Windows PCs (and Linux PCs as well). This heightened threat, called LemonDuck, was recently reported by the Microsoft 365 Defender Threat Intelligence Team, whose report details how LemonDuck has evolved.

LemonDuck's capabilities include stealing credentials from Windows and Linux PCs, removing security controls, disabling system administrators, spreading via email, installing itself on the system, enabling a remote code execution (RCE) backdoor, and deploying ransomware, spyware, or other advanced cyberwarfare tools.

Emphasizing how serious and widespread the LemonDuck threat can be, Microsoft states: "[LemonDuck] uses a variety of spreading mechanisms such as phishing emails, exploits, USB devices, and brute force, and uses news, events, or new exploits to run effective campaigns."

Microsoft also revealed that while the attackers initially focused primarily on China, India is now among the top 10 countries most affected by the malware. India ranks alongside the United States, Russia, China, Germany and the United Kingdom on the list of the six countries most targeted by the attackers.

Microsoft also details LemonCat, a separate but similarly dangerous and highly evolved targeted malware tool used in RCE attacks to install backdoors on systems. That backdoor access is an essential gateway for threat actors, who can use it to snoop on users, deploy ransomware, steal sensitive data, and carry out cyber blackmail for a variety of malicious interests.

These two malware families, known for botnet and crypto mining attacks, are far from the only tools that can launch catastrophic cyberattacks on key enterprises in critical sectors. Older, unpatched systems are one of the biggest ways these attacks spread, so both users and IT administrators should promptly patch the many vulnerabilities that can expose systems to serious threats, and it is essential to apply updates immediately.