Lemon Duck brings cryptocurrency miners back into the spotlight
Attackers are constantly reinventing ways to monetize their tools. Cisco Talos recently discovered a complex campaign built around a multi-modular botnet with several methods of spreading. The threat, referred to as "Lemon Duck," carries a cryptocurrency mining payload that steals computer resources to mine the Monero cryptocurrency. The actor uses several techniques to spread across a network, including sending infected RTF files by e-mail, psexec, WMI and SMB exploits such as the infamous EternalBlue and SMBGhost, the latter of which affects Windows 10 machines. Some variants also support RDP brute-forcing, although this functionality was absent from the recent attacks we observed. The adversary also uses tools such as Mimikatz, which help the botnet increase the number of systems taking part in its mining pool.