Lemon Duck malware isn't done harassing Windows and Linux, it's evolving

Surface Laptop 4 Amd 2021 Keyboard Lights (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Lemon Duck has been causing headaches for PCs for years.
  • It's evolving to be even more malicious.
  • Microsoft is tracking its activities and has issued a report on the latest Lemon Duck developments.

Lemon Duck is causing more trouble than ever. It started out primarily as a botnet that mined cryptocurrency on the machines it infected, then transitioned into a malware loader, which brings us to the latest update from Microsoft on the state of the malicious, citrus-infused digital duck.

"Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity," Microsoft's security report reads, detailing the many ways Lemon Duck (now referred to as LemonDuck by Microsoft) can harm a victim. Worse yet, it's not exclusive to one platform. It targets Windows as well as Linux, and Microsoft documents it spreading via phishing emails, USB devices, exploits, and more.

Arguably, the most unsettling part of LemonDuck is how it exploits gaps in defenders' attention and then locks other attackers out of the machines it takes over. "[LemonDuck] continues to use older vulnerabilities, which benefit the attackers at times when focus shifts to patching a popular vulnerability rather than investigating compromise. Notably, LemonDuck removes other attackers from a compromised device by getting rid of competing malware and preventing any new infections by patching the same vulnerabilities it used to gain access." In practice, that means patching the headline vulnerability of the week does not clear a host that was already compromised through an older one, and the patch LemonDuck applies afterward is there to keep the machine for itself, not to help you.

Needless to say, Lemon Duck is among the more versatile threats out there. But wait, that's not all Microsoft has for us in the way of fruit-themed, animal-named cyber threats. There's also LemonCat, a separate infrastructure named for two domains it uses that contain the word "cat." The Cat infrastructure is used for backdoor installation, malware delivery, and data and credential theft, and it often delivers the Ramnit malware.

If you want to learn more about the threat Lemon Duck (and Cat) pose to Windows 11, Windows 10, and Linux systems, and how those systems are protected against it, check out Microsoft's post for the full technical details.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.