LemonDuck Crypto-Miner – a KingMiner Successor

Crypto-miners have been around for several years, in all forms and shapes, and distributed via various attack avenues. Increased competition from other cyber-criminal groups and various defenses set in place at the browser or security solution level have prompted crypto-mining operators to up their game and look for victims in enterprise environments rather than home users.

Bitdefender researchers have taken a closer look at LemonDuck, an advanced attack that compromises enterprise networks for cryptocurrency mining. Some of the more impressive techniques include:

• Various avenues of initial access (phishing e-mails, EternalBlue, RDP, SSH, SQL accounts)
• File-less execution all the way through the final payloads
• Persistence via WMI and scheduled tasks
• Lateral movement with a dedicated module and various techniques
• Leveraging publicly available tools to attain goals (XMRig, PingCastle, PowerSploit)
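The persistence bullet above names two locations a defender can audit directly on a Windows host: WMI permanent event subscriptions and scheduled tasks. The script below is an added example written for this post, not code from Bitdefender or from the whitepaper; it inventories both locations and flags entries whose command line resembles fileless PowerShell execution. The keyword list in `$suspectPatterns` and the function names are assumptions chosen for illustration, not indicators taken from the report.

```powershell
# Added example (not from the Bitdefender whitepaper): inventory the two persistence
# locations named in the post and flag command lines that look like fileless execution.
# Run in an elevated Windows PowerShell session; root\subscription requires admin rights.

# Assumed heuristics for illustration only; tune them to your own environment.
$suspectPatterns = @('-enc', '-encodedcommand', 'downloadstring', 'iex ',
                     'invoke-expression', 'frombase64string', '-w hidden', '-windowstyle hidden')

function Test-SuspectCommand {
    param([string]$Text)
    if ([string]::IsNullOrWhiteSpace($Text)) { return $false }
    $lower = $Text.ToLowerInvariant()
    foreach ($p in $suspectPatterns) {
        if ($lower.Contains($p)) { return $true }
    }
    return $false
}

function Get-PersistenceInventory {
    $ns = 'root\subscription'

    # 1. WMI permanent event subscriptions: the consumer holds the action that runs.
    #    CommandLineEventConsumer exposes CommandLineTemplate, ActiveScriptEventConsumer
    #    exposes ScriptText; other consumer classes carry neither, so read defensively.
    foreach ($c in (Get-CimInstance -Namespace $ns -ClassName __EventConsumer)) {
        $payload = $null
        if ($c.PSObject.Properties['CommandLineTemplate']) { $payload = $c.CommandLineTemplate }
        elseif ($c.PSObject.Properties['ScriptText'])      { $payload = $c.ScriptText }
        [pscustomobject]@{
            Source  = 'WMI consumer'
            Name    = $c.Name
            Detail  = $c.CimClass.CimClassName
            Command = $payload
            Suspect = (Test-SuspectCommand $payload)
        }
    }

    # 2. The filters are the triggers (WQL queries); list them so a reviewer can see
    #    what event fires each consumer, e.g. timers or process-start events.
    foreach ($f in (Get-CimInstance -Namespace $ns -ClassName __EventFilter)) {
        [pscustomobject]@{
            Source  = 'WMI filter'
            Name    = $f.Name
            Detail  = $f.Query
            Command = $null
            Suspect = $false
        }
    }

    # 3. Scheduled tasks: every action's executable plus arguments is one candidate line.
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            $cmd = ("{0} {1}" -f $a.Execute, $a.Arguments).Trim()
            [pscustomobject]@{
                Source  = 'Scheduled task'
                Name    = "$($t.TaskPath)$($t.TaskName)"
                Detail  = $t.State
                Command = $cmd
                Suspect = (Test-SuspectCommand $cmd)
            }
        }
    }
}

# Usage: show only the flagged entries, then the full inventory for manual review.
$inventory = Get-PersistenceInventory
$inventory | Where-Object Suspect | Format-Table -AutoSize
"Total entries: $($inventory.Count); flagged: $(($inventory | Where-Object Suspect).Count)"
```

The keyword match is deliberately crude; its value is in producing a short, reviewable list of persistence entries rather than in a verdict. Any `CommandLineEventConsumer` or `ActiveScriptEventConsumer` on a workstation deserves a look regardless of whether it matches a pattern, since legitimate software rarely creates them.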

A complete technical analysis and the Indicators of Compromise associated with this attack are available in Bitdefender's whitepaper on LemonDuck.


This is a Security Bloggers Network syndicated blog from Bitdefender Labs authored by Janos Gergo SZELES. Read the original post at: https://labs.bitdefender.com/2020/10/lemonduck-crypto-miner-a-kingminer-successor/
