Lemon Duck Botnet is Infecting Users Through Fake COVID-19 Emails

Vandana  |  Oct 15, 2020

Lemon Duck, a crypto mining botnet, is spreading viciously across computers with the Windows 10 operating system. This botnet is infecting the users through the fake COVID-19 emails. It has been quite some time that the cybersecurity researchers have identified an increase in activity on this botnet. 

Lemon Duck is not a new one as it was first identified in December 2018. However, in the past few weeks, a huge increase in activity has been identified on it and it has infiltrated a huge number of machines, particularly for mining Monero.

Lemon Duck Infections are Hard to be Detected by Users

Talos Intelligence Group by Cisco conducted research regarding the same and they revealed that the infections done by the botnet are really hard to be detected by the users. Hence, there is a need for power defenders and network administrators to detect any such infection done to the machine. 

Recently, Lemon Duck has targeted the Windows 10 computers and has been infecting the devices by sending fake COVID-19 emails. Two malicious files were there in those emails, one will be in the readme.doc format and another one in readme.zip. Once the user opens these files, the malware gets directly installed onto the devices and then terminates a lot of Windows services and downloads from the device.

Linux Systems Were Also on Target

It is not only Windows systems as Lemon Duck has also targeted Linux Systems, however, but the major target was also Windows only. The reason why they have chosen Monero is that it is very easy to obfuscate as compared to other cryptocurrencies out there. It is still not revealed by the researchers and the investigation team who is behind this botnet. It is also revealed that Lemon Duck is also connected to another crypto-mining malware called “Beapy.”

Related News