1 min read

LemonDuck Crypto-Miner - a KingMiner Successor

Janos Gergo SZELES

October 08, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
LemonDuck Crypto-Miner - a KingMiner Successor

Crypto-miners have been around for several years, in all forms and shapes, and distributed via various attack avenues. Increased competition from other cyber-criminal groups and various defenses set in place at the browser or security solution level have prompted crypto-mining operators to up their game and look for victims in enterprise environments rather than home users.

Bitdefender researchers have taken a closer look at LemonDuck, an advanced attack that compromises enterprise networks for cryptocurrency mining. Some of the more impressive techniques include:

• Various avenues of initial access (phishing e-mails, EternalBlue, RDP, SSH, SQL accounts)
• File-less execution all the way through the final payloads
• Persistence via WMI and scheduled tasks
• Lateral movement with a dedicated module and various techniques
• Leveraging publicly available tools to attain goals (XMRig, PingCastle, PowerSploit).

A complete technical analysis and the Indicators of Compromise associated with this attack are available in the whitepaper below.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Under Siege for Months: the Anatomy of an Industrial Espionage Operation Under Siege for Months: the Anatomy of an Industrial Espionage Operation
Alexandru MAXIMCIUCVictor VRABIE
1 min read
New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read