LemonDuck Malware Targets Linux & Windows Systems


Microsoft issued a warning about a new malware that targets both Windows and Linux systems. Linux systems have traditionally been considered safer than Windows. However, as with Macs, part of that is because hackers just weren’t bothering to target the systems.

Now, malware called LemonDuck is targeting both operating systems. LemonDuck is usually used as crypto-mining malware, meaning malware that hijacks your system to help “mine” cryptocurrency like Bitcoin.


Traditional currency is created by mints; Bitcoins are created by mining. Not in the ground, of course, but by computers running math equations.

Bitcoin uses a decentralized ledger that’s updated by users. Users who wish to participate in updating the ledger do it by allowing their computer to guess a random number generated by the Bitcoin mining program. If your computer guesses correctly, it gets to write the next page of the ledger and you earn bitcoins for your work.

Your data is sent to the whole network and other computers will validate it. The computers that validate your part of the solution will update their copies of the Bitcoin transaction ledger. Then the system generates Bitcoins and gives them to you as payment for your computer’s efforts in solving the math problem.

This requires a lot of computing power and energy, which is why hackers like to borrow other people’s systems for the purpose. This can overtax your computer, slow it down, and drive up your energy costs.

Microsoft warns this malware has expanded beyond mining. “Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.”

That means it opens the door for hackers to take control of your system and steal private information.

Like many types of malware, LemonDuck most often gets on servers via emails. Users either open an infected attachment or click on a link that takes them to a site with a malicious payload. Microsoft shared some of the subject lines used to trick people into downloading LemonDuck:

  • The Truth of COVID-19
  • COVID-19 nCov Special info WHO
  • WTF
  • What the fcuk
  • good bye
  • farewell letter
  • broken file
  • This is your order?
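
A mail-triage check built from the subject lines listed above, as an added example that is not from Microsoft or the original post: it decodes each message's Subject header, strips reply/forward prefixes, and compares the result with the list. The function names and sample messages are constructed for illustration; short subjects such as "WTF" also occur in ordinary mail, so a match is a reason to look closer, and the attachment flag helps prioritise.

```python
import email
import re
from email import policy

# Subject lines from the list above, as quoted on this page.
LURE_SUBJECTS = [
    "The Truth of COVID-19", "COVID-19 nCov Special info WHO", "WTF",
    "What the fcuk", "good bye", "farewell letter", "broken file",
    "This is your order?",
]

def normalize(subject):
    """Drop reply/forward prefixes, collapse whitespace, lower-case."""
    s = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", s).strip().lower()

LURES = {normalize(s) for s in LURE_SUBJECTS}

def triage(raw_message):
    """Return (subject_matches, has_attachment) for one raw message (bytes)."""
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    has_attachment = next(msg.iter_attachments(), None) is not None
    return normalize(subject) in LURES, has_attachment

# Constructed sample messages (not real mail).
SAMPLE_LURE = (
    b"From: sender@example.test\r\n"
    b"Subject: RE: =?utf-8?q?broken_file?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="readme.doc"\r\n\r\nAAAA\r\n'
    b"--b1--\r\n"
)
SAMPLE_BENIGN = b"From: hr@example.test\r\nSubject: Quarterly report\r\n\r\nhi\r\n"

if __name__ == "__main__":
    for name, raw in [("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)]:
        print(name, triage(raw))
```
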

As always, be incredibly careful about attachments in emails and which links you click on. Always take time to think before you click.
