
Alarming growth of difficult-to-detect ‘Lemon Duck’ crypto mining botnet

A crypto mining botnet called Lemon Duck is spreading through Windows 10 computers, infecting users through fake Covid-19 emails.

Since the end of August, cybersecurity researchers have identified increased activity on a crypto mining botnet called “Lemon Duck”.

The botnet has been around since December 2018, but a big jump in activity over the past six weeks suggests that the malware has infiltrated many more machines in order to harness their resources to mine the cryptocurrency Monero.

Research carried out by Cisco’s Talos Intelligence Group suggests that Lemon Duck infections are unlikely to have been detected by end users; however, power defenders such as network administrators are likely to have picked it up.

Crypto mining malware can cause physical damage to hardware since it leeches resources by running the CPU or GPU constantly in order to carry out the mining process. This will cause an increase in power consumption and heat generation which, in severe cases, could lead to a fire.

Increase of activity caused by Lemon Duck. Source: blog.talosintelligence.com

Windows 10 computers are targeted by the malware, which exploits vulnerabilities in a number of Microsoft system services. The malware has been spread through email with a Covid-19-related subject and an infected file attached. Once the system has been infected, it uses Outlook to automatically send itself to every contact in the affected user’s contacts list.

The spurious emails contain two malicious files. The first is an RTF document with the name readme.doc, which exploits a remote code execution vulnerability in Microsoft Office. The second file, readme.zip, contains a script that downloads and runs the Lemon Duck loader.
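For defenders, the attachment pattern described above can be checked at the mail gateway. The following is an added example, not code from the article or from Talos: it flags RTF content delivered under a .doc name and ZIP attachments that contain a script. The subject keywords, the script-extension list and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions, not from the article: keyword pattern and script extensions.
SUBJECT_RE = re.compile(r"covid|corona", re.I)
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".ps1", ".bat", ".cmd", ".hta")


def triage(raw):
    """Return findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("covid-themed subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # RTF content delivered under a .doc name, as with readme.doc
        if name.endswith(".doc") and data.lstrip().startswith(b"{\\rtf"):
            findings.append(f"rtf-as-doc:{name}")
        # ZIP archive that carries a script, as with readme.zip
        if data.startswith(b"PK\x03\x04"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                members = []  # truncated or malformed archive: nothing to list
            findings += [f"script-in-zip:{name}/{m}" for m in members
                         if m.lower().endswith(SCRIPT_EXTS)]
    return findings


def build_sample():
    """Constructed, inert message shaped like the emails described above."""
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 update"
    msg.set_content("see attached")
    msg.add_attachment(b"{\\rtf1 placeholder}", maintype="application",
                       subtype="msword", filename="readme.doc")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.js", "// constructed sample, no payload")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="readme.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns all three findings for the constructed message. A genuine OLE .doc file or a ZIP without script members produces none.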

Once installed, the sophisticated software terminates a number of Windows services and downloads other tools for stealth connections to the rest of the network. Lemon Duck has also been known to infect Linux systems, but Windows machines are the primary victims.

The malware mines Monero since it is anonymous by design and very easy to obfuscate. The researchers did not elaborate as to who was behind Lemon Duck, though it has been linked to another crypto mining malware called “Beapy”, which targeted East Asia in June 2019.

Last month, Coinbase wallet users were targeted by new Android malware designed to steal Google Authenticator codes.
