Malware campaign targets global manufacturers that are still dependent on Windows 7 subsystems to run fleets of IoT endpoints.
Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant.
Criminals behind the wave of attacks are singling out IoT gear in hopes of enlisting them into a “slave army” of crypto-mining devices focused on generating Monero coins via the XMRig mining tool. Researchers warn that the processor-intensive mining efforts are taking their toll on gear and triggering equipment malfunctions along with exposing devices to safety issues, disruption of supply chains and data loss.
The
26-page report by TrapX Research Labs cites a number of 2019 attacks against three large global manufacturers. The common thread is the use of Lemon Duck malware and the presence of Windows 7 in embedded or associated systems. Windows 7, which TrapX estimates is still used by 200 million devices, is no longer receiving security updates by Microsoft as of January 14, 2020.
