Microsoft raises the alarm: an evolved LemonDuck attacks Windows and Linux computers


Microsoft posted a report advising that there is an evolved version of LemonDuck that, in addition to mining cryptocurrencies, you can now steal credentials, hack back doors, and carry out various other malicious activities on vulnerable computers. The first version was discovered years ago, but what it did was use the resources of our teams to mine currencies such as Bitcoin. The new one is far more dangerous, according to the Microsoft 365 Defender Threat Intellligence team.

And why are we talking about this in LinuxAdictos? Because this virus also affects computers using Linux. Among his new abilities, he can now steal credentials, disable security controls, spread phishing emails, and install back doors to expose computers to future attacks from other tools.

LemonDuck can exploit older vulnerabilities

LemonDuck can exploit old vulnerabilities that have not yet been patched. Among the flaws that you can take advantage of, we have:

  • CVE-2019-0708, known as / related to BlueKeep.
  • CVE-2017-0144, known as / related to EternalBlue.
  • CVE-2020-0796, known as / related to SMBGhost.
  • CVE-2017-8464, known as / related to LNK RCE.
  • CVE-2021-27065, CVE-2021-26855, CVE-2021-26857 and CVE-2021-26858 related to ProxyLogon.

The most curious thing about this version of LemonDuck is that it can eliminate other attackers from the scene. That is, on an infected computer, this lemon duck try to avoid new attacks by patching the same bugs you have used to gain access to the system. A hoarding and selfish malware, but it is not that we are going to speak well of any other malicious software.

Initially, LemonDuck is intended for users in China, but it is also active in the United States, France, Germany, the United Kingdom, India, Russia, Korea, Canada, and Vietnam. Neither Spain nor Latin America are currently on the list, but this is a good time to remember that it is worth installing, at least, all the security patches that our Linux distribution offers us as soon as possible.

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

A comment, leave yours

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   ja said

    This campaign affected Exchange Server between its versions 2013 to 2019.
    In servers with windows, curious that the news repeated by all the yellow press is that it affects windows and linux, but not mac.
    Cachis, there is already a market, we have to start selling antivirus and convince linux people that the superuser account is useless, an antivirus is better

bool (true)