Monero-mining botnet Lemon Duck records spike in activity

Cybersecurity researchers are warning of a recent spike in activity of a stealthy digital currency mining botnet. Known as Lemon Duck, it targets Windows users and spreads by sending rich text format (RTF) files via email.

Lemon Duck has been around since December 2018. However, researchers at Cisco-owned Talos Intelligence Group have noticed a sharp rise in DNS requests connected with its command-and-control (C2) servers since the end of August.

In a blog post, the researchers revealed that Lemon Duck has 12 independent infection vectors, making it more potent than most malware. They include sending emails containing exploit attachments and brute-forcing a system's SMB protocol. Once it infects a computer, it downloads a PowerShell loading script which disables Windows Defender's real-time protection. It also adds powershell.exe to the list of processes excluded from scanning.
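As an added, defender-side example (not from the article or the Talos report): a small Python triage routine that flags the two Defender changes described above, real-time protection being switched off and powershell.exe being excluded from scanning, in exported Windows Defender Operational log events, and correlates them per host. It assumes the events were already exported as dicts with host, id and message fields; the hostnames and message texts are constructed.

```python
import re

# Event IDs from the Microsoft-Windows-Windows Defender/Operational log.
RTP_DISABLED = 5001    # "Real-time protection is disabled"
CONFIG_CHANGED = 5007  # "Configuration has changed" (new exclusions appear here)

# 5007 messages name the registry value that changed, e.g.
# HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\powershell.exe = 0x0
EXCLUSION_RE = re.compile(r"Exclusions\\(Processes|Paths|Extensions)\\(.+?)\s*=", re.I)

# Script interpreters that legitimate software almost never needs excluded.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def analyze_defender_events(events):
    """Return (host, finding, detail) tuples for Defender-tampering events."""
    findings = []
    for ev in events:
        if ev["id"] == RTP_DISABLED:
            findings.append((ev["host"], "realtime_protection_disabled", ""))
        elif ev["id"] == CONFIG_CHANGED:
            m = EXCLUSION_RE.search(ev["message"])
            if not m:
                continue  # some other setting changed; out of scope here
            kind, value = m.group(1).lower(), m.group(2).strip()
            basename = value.rsplit("\\", 1)[-1].lower()
            if kind == "processes" and basename in INTERPRETERS:
                findings.append((ev["host"], "interpreter_excluded_from_scan", value))
            else:
                findings.append((ev["host"], "exclusion_added", f"{kind}:{value}"))
    return findings


def hosts_matching_lemon_duck_pattern(findings):
    """Hosts showing both indicators: real-time protection off AND an interpreter excluded."""
    wanted = {"realtime_protection_disabled", "interpreter_excluded_from_scan"}
    seen = {}
    for host, finding, _ in findings:
        seen.setdefault(host, set()).add(finding)
    return sorted(host for host, kinds in seen.items() if wanted <= kinds)


# Constructed sample events (hypothetical hosts, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "id": 5001, "message": "Real-time Protection scanning for malware was disabled."},
    {"host": "ws01", "id": 5007, "message": r"Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\powershell.exe = 0x0"},
    {"host": "ws02", "id": 5007, "message": r"Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Build\Cache = 0x0"},
    {"host": "ws02", "id": 5007, "message": r"Configuration has changed. New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet\SpynetReporting = 0x2"},
    {"host": "ws03", "id": 1116, "message": "Detected malware; not a configuration event."},
]
```

Run `hosts_matching_lemon_duck_pattern(analyze_defender_events(SAMPLE_EVENTS))` to see which hosts show both indicators together; a single exclusion on its own is only a medium-confidence signal and is reported separately.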

Once installed, the botnet downloads and activates a mass-mailing module and then sends emails to all the victim’s contacts through Microsoft Outlook. These emails contain two malicious files, readme.doc and readme.zip, that download and install Lemon Duck on the target computer. To entice their targets, the emails contain COVID-19 related text.

Source: Talos Intelligence Group

Lemon Duck combines code taken from several open-source projects with code specifically designed by the hacker, “showing moderate level of technical skills and understanding of security issues in Windows and various network protocols,” according to the report.

Talos researchers revealed that there were a number of overlaps between Lemon Duck and another cryptojacking malware, dubbed Beapy, that targeted East Asia in 2019. The two botnets also share emails and a number of URLs.

The resurgence of Lemon Duck is consistent with an uptick in digital currency mining malware recently observed by Talos, including the return of PowerGhost, Tor2Mine and Protemei.

Lemon Duck, like most other cryptojacking malware, mines Monero, a dark coin whose relative anonymity makes it the go-to for hackers. The botnet’s most popular targets are Egypt, China, Iran, Vietnam and India.
