Microsoft warns consumers about LemonDuck malware threat affecting Windows devices

Photo (c) Olemedia - Getty Images

Users should be wary of any email that has misspelled words and curious-looking subject lines

Microsoft sent out an important heads-up to its customers on Friday to warn about malware that’s targeting Windows-based computer systems. This specific threat comes from LemonDuck, a crypto-mining malware that reportedly begins with a single infection and then spreads quickly across a computer network. If left unchecked, it can turn every resource from USB devices to emails into cryptocurrency mining slaves. 

Unfortunately, LemonDuck’s threat doesn’t stop with just Windows users. “It’s one of a few documented bot malware families that targets Linux systems as well as Windows devices,” Microsoft 365’s Defender Threat Intelligence Team warned users in a blog post.

“And, it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns. For example, in 2020, it was observed using COVID-19-themed lures in email attacks. In 2021, it exploited newly patched Exchange Server vulnerabilities to gain access to outdated systems.”

The Microsoft 365 team says it is taking this threat seriously because of LemonDuck’s ability to constantly evolve. While the malware is primarily known for its cryptocurrency mining objectives, it has the ability to morph and escalate its insurgence by stealing credentials, removing security controls, spreading via emails, and putting more tools in place to interact with human-operated activities.

Red flags

There’s not much a typical Windows (or Linux) user can do on a network-wide scale, but there are some things everyday users should be aware of if they want to avoid being turned into a LemonDuck victim.

The most important piece of advice is to be vigilant when it comes to emails. Microsoft researchers say LemonDuck’s standard email subjects and body content can include jarring phrases like “The Truth of COVID-19” or seemingly out-of-place phrases like “farewell letter” or “good bye.” 

The team says these phrases are usually meant to elicit a reaction and get you to click on something. When that happens, your device is then infected by the malware. While these words and phrases are one red flag to look out for, there are two other easy ones that you can usually spot right away: poor spelling and suspicious files. 

Spelling mistakes are a common component of many scam messages, so you should beware of any email that is littered with these errors. When it comes to files, Microsoft says many scam emails tend to use .doc, .js, or .zip files that usually have a title like “readme” to entice users into clicking on them. Just make sure you don’t.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.