The return of the LemonDuck malware reminds us that there is no such thing as permanently eradicating a vulnerability. In fact, threats often return in evolved forms with a greater ability to do damage. Signature-based security technologies such as antivirus and intrusion prevention systems are an effective defense only if they keep up with today’s threat landscape. Therefore, it is important to ensure that operating systems are patched on time.

LemonDuck malware can infect both a Windows PC and a Linux PC, and users who want to start cryptocurrency mining have identified it as a risk. A computer can be infected through an email or a USB device, but also through malicious attacks. From what Microsoft reveals, LemonDuck seems to have changed again and adapted to what attackers need. It now seems focused on stealing user data, removing security controls, spreading via email, and creating back doors for remote use.

LemonDuck exploits zero-day vulnerabilities in Microsoft Exchange Server, and this spells a security disaster for thousands of organizations. These four critical flaws were named ProxyLogon and affect Microsoft Exchange Server 2013, 2016 and 2010. Patches, vulnerability detection tools, and mitigation instructions were made available in March, but sadly, it is estimated that up to 60,000 organizations may have been compromised.

Microsoft also says that we should beware of LemonCat, which is a separate but equally dangerous and highly evolved targeted malware tool used in RCE attacks to install back doors on systems. According to Microsoft, this malware first reached China, but it seems that it has spread to other countries, such as the United States, Russia, France, Canada and several others. There is no doubt that the threats are evolving and do not disappear, so we must be prepared to face threats like LemonDuck and the others that will appear in the near or distant future.
