Cybersecurity: Microsoft warns consumers against LemonDuck malware affecting Windows devices

*The global technology company and software giant cautions consumers to be wary of LemonDuck, a crypto-mining malware, and of any e-mails that have misspelled words and curious-looking subject lines

Gbenga Kayode | ConsumerConnect

Microsoft Corporation has issued an important heads-up to its product and services clientele, warning them about malware that is targeting Windows-based computer systems.

The American company said on Friday, July 23, 2021, that the specific threat comes from LemonDuck, a crypto-mining malware that reportedly begins with a single infection and then spreads quickly across a computer network.

If left unchecked, it can turn every resource from USB devices to emails into cryptocurrency mining slaves.

However, LemonDuck’s threat does not stop with just Windows users, the report stated.

Microsoft 365’s Defender Threat Intelligence Team warned users in a blog post that “it’s one of a few documented bot malware families that targets Linux systems as well as Windows devices.

“And, it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.

“For example, in 2020, it was observed using COVID-19-themed lures in e-mail attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems.”

The Microsoft 365 team also disclosed that it is taking this threat seriously because of LemonDuck’s ability to constantly evolve in Windows devices.

It was learnt that although the malware is primarily known for its cryptocurrency mining objectives, it has the ability to morph and escalate its insurgence by stealing credentials, removing security controls, spreading via e-mails, and putting more tools in place to interact with human-operated activities.

Red flags

There’s not much a typical Windows (or Linux) user can do on a network-wide scale, but there are some things everyday users should be aware of if they want to avoid being turned into a LemonDuck victim, a ConsumerAffairs report said.

Meanwhile, Microsoft researchers say LemonDuck’s standard e-mail subjects and body content can include jarring phrases like “The Truth of COVID-19” or seemingly out-of-place phrases like “farewell letter” or “good bye.”

According to the team, these phrases are usually meant to elicit a reaction and get you to click on something.

When that happens, your device is then infected by the malware. While these words and phrases are one red flag to look out for, there are two other easy ones that you can usually spot right away: poor spelling and suspicious files.

It further noted that spelling mistakes are a common component of many scam messages, so you should beware of any email that is littered with these errors.

The global tech giant said that, when it comes to files, several scam e-mails tend to use .doc, .js, or .zip files that usually have a title like “readme” to entice users into clicking on them.

Microsoft’s ultimate advice: Just make sure you don’t.
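For readers who filter mail for others, the phrase and attachment red flags above can be checked automatically. The following is an added example, not code from Microsoft or from the original report: it scans one raw e-mail for the quoted phrases and for .doc, .js or .zip attachments, marking those titled “readme”. The function names, tag strings and sample messages are constructed for illustration, and spelling quality is not checked.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators quoted in the article; matching is case-insensitive.
LURE_PHRASES = ("the truth of covid-19", "farewell letter", "good bye")
RISKY_EXTENSIONS = {".doc", ".js", ".zip"}
LURE_STEM = "readme"


def red_flags(raw_message: bytes) -> list[str]:
    """Return the article's red flags found in one raw e-mail message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flags = []
    subject = str(msg.get("Subject", "")).lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    for phrase in LURE_PHRASES:
        if phrase in subject or phrase in body:
            flags.append(f"phrase:{phrase}")
    for part in msg.iter_attachments():
        name = PurePosixPath((part.get_filename() or "").lower())
        if name.suffix in RISKY_EXTENSIONS:
            # A "readme" title on a risky file type is the stronger signal.
            tag = "lure-attachment" if name.stem == LURE_STEM else "risky-attachment"
            flags.append(f"{tag}:{name.name}")
    return flags


def build_sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Build a constructed test message (hypothetical helper, example.com addresses)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(red_flags(build_sample("The Truth of COVID-19", "good bye", "Readme.zip")))
    print(red_flags(build_sample("Quarterly report", "See attached.", "report.pdf")))
```

A match is a reason to hold a message for review rather than proof of infection, since ordinary mail also carries .doc and .zip files.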

ConsumerConnect reports that Microsoft Corporation is an American multinational technology company which produces computer software, consumer electronics, personal computers, and related services.
