LemonDuck Malware Compromise Linux Machines via SSH

According to a new report from Microsoft, a Windows and Linux devices are under attack by a cryptomining worm called LemonDuck.

According to a new report from Microsoft, a revamped version of LemonDuck crypto-mining malware is now targeting Windows and Linux devices.

LemonDuck is malware related to the cryptocurrency mining process. It has evolved from a cryptocurrency botnet to a dangerous malware that is capable of stealing credentials, removing security controls, and spreading itself via emails.

LemonDuck is known for targeting enterprise networks, gaining access over the MS SQL service via brute-forcing or the SMB protocol using EternalBlue. But now this cryptomining malware has been updated to compromise Linux machines via SSH brute force attacks and to infect servers running Redis and Hadoop instances.

A computer can be infected with an exploits, phishing emails, USB devices, and brute force attacks.

How LemonDuck works

To find Linux devices that it can infect as part of SSH brute force attacks, LemonDuck makes use of a port scanning module that searches for Internet-connected Linux systems listening on the 22 TCP port used for SSH.

When it finds them, it launches an SSH brute force attack on these machines, with the username root and a hardcoded list of passwords. If the attack is successful, the attackers download and execute malicious shell code.

Ironically, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access.

LemonDuck was first discovered in China in 2019, but now it impacts a very large geographic range. United States, Russia, China, Germany, the United Kingdom, India, Korea, Canada, and France seeing the most encounters.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%

Leave a Reply

Your email address will not be published. Required fields are marked *