LemonDuck Cryptomining Botnet Hunting for Misconfigured Docker APIs

By Deeba Ahmed LemonDuck cryptomining botnet previously targeted Microsoft Exchange servers. Now it is targeting the worlds leading containerization platform, Docker.… This is a post from HackRead.com Read the original post: LemonDuck Cryptomining Botnet Hunting for Misconfigured Docker APIs...

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It...

A week in security (August 2 – August 8)

Last week on Malwarebytes Labs: RDP brute force attacks explained The 3 biggest threats reaching for your antivirus software’s off switch Zoom and gloom? Video comms org agrees to settle for $85m COVID-19 vaccine appointment system attacked in Italy Chrome casts away the padlock - is it good...

A week in security (July 26 – August 1)

Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...

LemonDuck no longer settles for breadcrumbs

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story 12 on the...

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...

Old crypto malware makes come back, hits Windows, Linux devices

By Deeba Ahmed LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that used affected systems for Monero mining. This is a post from HackRead.com Read the original post: Old crypto malware makes come back, hits Windows, Linux devices...

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the...

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...

Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party

Our telemetry showed three malware families taking advantage of the ProxyLogon vulnerability beginning in March: the coinminer LemonDuck was sighted first, quickly followed by the ransomware BlackKingdom, then the Prometei botnet...