LemonDuck Crypto-Miner - a KingMiner Successor
October 08, 2020
Crypto-miners have been around for several years, in all forms and shapes, and distributed via various attack avenues. Increased competition from other cyber-criminal groups and various defenses set in place at the browser or security solution level have prompted crypto-mining operators to up their game and look for victims in enterprise environments rather than home users.
Bitdefender researchers have taken a closer look at LemonDuck, an advanced attack that compromises enterprise networks for cryptocurrency mining. Some of the more impressive techniques include:
• Various avenues of initial access (phishing e-mails, EternalBlue, RDP, SSH, SQL accounts)
• File-less execution all the way through the final payloads
• Persistence via WMI and scheduled tasks
• Lateral movement with a dedicated module and various techniques
• Leveraging publicly available tools to attain goals (XMRig, PingCastle, PowerSploit).
A complete technical analysis and the Indicators of Compromise associated with this attack are available in the whitepaper below.
tags
Author
Right now
Top posts
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
November 08, 2021
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
September 16, 2021
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021
