In a current active malware campaign, the cybersecurity analysts at Crowdstrike have claimed that LemonDuck uses the Docker command-line tool to deploy a cross-platform mining botnet on Linux operating systems that mines cryptocurrencies with a cross-platform method.
In short, the threat actors are actively targeting the Docker to mine cryptocurrency on Linux systems. Initially, Trend Micro researchers discovered the Lemon_Duck crypto mining malware in June 2019 while they were testing enterprise networks with the possibility of stealing cryptocurrency from them.
When it was discovered for the first time, the bot was gaining access to the MS SQL service by:-
- Using brute-force attacks.
- Exploiting the EternalBlue vulnerability.
- Exploiting the ProxyLogon vulnerability.
- Exploiting the BlueKeep vulnerability.
By using various concurrent campaigns, this botnet attempts to monetize its activities by mining cryptocurrencies like Monero in real-time.
Exposed Docker API
CrowdStrike has detected…
