The LemonDuck malware, known for the past couple of years for its cryptocurrency mining and botnet capabilities, is evolving into a much broader threat: it is moving into new areas of cyber attacks, targeting both Linux and Microsoft systems, and expanding its geographical reach, according to security researchers with Microsoft.
At the same time, there are now two distinct operating structures that both use the LemonDuck malware but are possibly operated by two different organizations that appear to have separate goals, further extending the malware's reach, the researchers with the Microsoft 365 Defender Threat Intelligence Team wrote in a recent technical paper.
The report gives a glimpse into how malware with a narrowly defined focus can evolve to include other targets and develop into a larger and wider threat. LemonDuck apparently did just that when it “adopted more sophisticated behavior and escalated its operations,” the Microsoft group wrote. “Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.”
Routine Threats Become Dangerous
It’s a trend that can be seen in a host of examples, such as banking Trojans being an entry point for ransomware and hands-on-keyboard attacks, they wrote, addin ..