InsideBitcoins.com

Elusive Crypto Mining Botnet “Lemon Duck” Sees Alarming Growth


At the end of August, cybersecurity researchers discovered a new crypto mining botnet, going by the name of “Lemon Duck,” that was dramatically increasing its activity.

Blasting Into New Prominence

The botnet itself has been in the field since December of 2018, but it has seen a massive jump in activity within the past six weeks. This suggests that far more machines have been infiltrated by the malware, giving it greater resources with which to mine the Monero cryptocurrency.

Research conducted by Cisco’s Talos Intelligence Group suggests that many end users have likely not detected Lemon Duck infections. Even so, power defenders, such as network administrators, are likely to have picked it up.

Windows 10 Is Its Favourite Target

Crypto mining malware runs the risk of physically damaging the hardware it infects. This is because it leeches resources by running the GPU and/or CPU constantly to carry out the mining process. As a result, power consumption and heat generation increase dramatically, which might even lead to a fire in extreme cases.

The malware targets Windows 10 systems, exploiting various vulnerabilities across a number of Microsoft system services. It has spread by way of emails themed with COVID-19 content and carrying an infected attachment. The botnet is also self-perpetuating: it leverages Outlook, a Windows emailing service, to send itself to every contact the infected system has, thus spreading the virus.

Some Details Regarding The Attack Itself

The malicious emails hold two malicious files. The first is an RTF document named readme.doc, which exploits a vulnerability in Microsoft Office for remote code execution. The second file, readme.zip, contains a script that downloads and runs Lemon Duck Loader.
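For mail administrators, the attachment pair described above lends itself to a simple triage check. The following is an added example, not code from Talos or from the original article: it parses a message and flags a .doc attachment whose bytes are actually RTF, plus the readme.doc and readme.zip pairing. The function names, finding labels and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"  # every RTF file begins with the bytes "{\rtf"
PAIR = {"readme.doc", "readme.zip"}  # attachment names given in the article


def attachment_findings(raw: bytes) -> list:
    """Return triage findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, names = [], set()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""  # None for nested messages
        names.add(name)
        # Extension says legacy Word, content says RTF: worth a closer look.
        if name.endswith(".doc") and data.lstrip().startswith(RTF_MAGIC):
            findings.append("rtf-as-doc:" + name)
    if PAIR <= names:
        findings.append("readme-doc-zip-pair")
    return findings


def build_sample(doc_bytes: bytes, include_zip: bool) -> bytes:
    """Constructed test message; addresses and payloads are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(doc_bytes, maintype="application",
                     subtype="msword", filename="readme.doc")
    if include_zip:
        m.add_attachment(b"PK\x03\x04 constructed", maintype="application",
                         subtype="zip", filename="readme.zip")
    return m.as_bytes()


if __name__ == "__main__":
    print(attachment_findings(build_sample(b"{\\rtf1 constructed", True)))
    print(attachment_findings(build_sample(b"\xd0\xcf\x11\xe0 constructed", False)))
```

File names are trivial for a sender to change, so the content-versus-extension mismatch is the more durable of the two signals; treat both as triage hints rather than verdicts.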

After installation, the software automatically terminates an array of Windows services and then downloads various other tools for stealth connections across the network. While Windows systems are the primary victims of Lemon Duck, Linux infections do occur, though they are relatively rarer.

Once the malware has established itself, it mines the privacy-focused Monero cryptocurrency, whose anonymous design and easy obfuscation make it a perfect coin for illegal mining. The researchers themselves have yet to say what entity is behind Lemon Duck, either through ignorance or through discretion. They did, however, link it to the “Beapy” crypto-mining malware, which targeted East Asia back in June of 2019.

A journalist, with experience in web journalism and marketing. Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of cryptocurrency publications.