
LemonDuck Crypto-Miner - a KingMiner Successor

Janos Gergo SZELES

October 08, 2020


Crypto-miners have been around for several years, in all shapes and forms, distributed via various attack avenues. Increased competition from other cyber-criminal groups and various defenses put in place at the browser or security solution level have prompted crypto-mining operators to up their game and look for victims in enterprise environments rather than among home users.

Bitdefender researchers have taken a closer look at LemonDuck, an advanced attack that compromises enterprise networks for cryptocurrency mining. Some of the more impressive techniques include:

• Various avenues of initial access (phishing e-mails, EternalBlue, RDP, SSH, SQL accounts)
• File-less execution all the way through the final payloads
• Persistence via WMI and scheduled tasks
• Lateral movement with a dedicated module and various techniques
• Leveraging publicly available tools to attain goals (XMRig, PingCastle, PowerSploit)

A complete technical analysis and the Indicators of Compromise associated with this attack are available in the whitepaper below.

Download the whitepaper
