Alarming growth of difficult-to-detect 'Lemon Duck' crypto mining botnet

Published by Cointele

A crypto mining botnet called Lemon Duck is spreading through Windows 10 computers, infecting users through fake Covid-19 emails.

Since the end of August, cybersecurity researchers have identified increased activity on a crypto mining botnet called "Lemon Duck".

The botnet has been around since December 2018; however, a big jump in activity over the past six weeks suggests that the malware has infiltrated many more machines in order to harness their resources to mine the cryptocurrency Monero.

Research carried out by Cisco's Talos Intelligence Group suggests that Lemon Duck infections are unlikely to have been detected by end users; however, power defenders such as network administrators are likely to have picked it up.

Crypto mining malware can cause physical damage to hardware, since it leeches resources by running the CPU or GPU constantly in order to carry out the mining process.

Windows 10 computers are targeted by the malware, which exploits vulnerabilities in a number of Microsoft system services.

Zip which contains a script that downloads and runs the Lemon Duck loader.

Lemon Duck has also been known to infect Linux systems, but Windows machines are the primary victims.

The malware mines Monero since it is anonymous by design and very easy to obfuscate.

The researchers did not elaborate as to who was behind Lemon Duck, though it has been linked to other crypto mining malware called "Beapy", which targeted East Asia in June 2019.
