Crypto Frontline

“Lemon Duck” Mining Botnet Continues to Spread

October 15, 2020, 06:49

Online users should be cautious with suspicious emails because of a difficult-to-detect crypto mining botnet that can spread through computers running Windows 10. Cybersecurity experts have noticed that the activity of this malicious software has increased since August, but the way it installs on a workstation is easily preventable.

A few months ago we talked about a vulnerability in the Ledger hardware wallet, but in this case the issue is more serious, considering you don’t have to be a cryptocurrency user to have this botnet running on your PC without even noticing it.

What is Lemon Duck and how does it spread?

Called “Lemon Duck”, this is a crypto mining botnet that is assumed to have started spreading across the internet in December 2018. It should be a great concern for everybody with access to the internet, given that it can use the computer's computational power to mine Monero (XMR) for hackers. Cryptojacking can be dangerous, even leading to physical damage to the hardware, and it always comes with increased power consumption and heat generation, which reduces the performance of the workstation.

It is important to keep in mind that this botnet exploits several Windows 10 vulnerabilities and is spreading via emails related to COVID-19. As the pandemic continues to be one of the main daily headlines, this is the best way to draw attention.

According to the information currently available on the web, these malicious emails will have two attachments, a readme.doc and a file. The former exploits a code execution vulnerability, while the latter contains a script that downloads and runs the Lemon Duck loader.

How can users protect against Lemon Duck?

Prevention is thus advised, considering “Lemon Duck” is extremely difficult to find. Once installed on a device running Windows 10, it will terminate several Windows services and download other tools. At the same time, since it mines Monero, one of the most popular private tokens, users won’t be able to find out where the illicitly mined XMR tokens have gone.

During the past six weeks, a big jump in the number of infected devices has been noticed, which means “Lemon Duck” continues to be an important concern. To make sure that it won’t happen to you as well, it is important to avoid emails sent by unknown third parties, as long as there is no active subscription. Cryptojacking is still one of the unsolved issues with cryptocurrency mining, and until a solution is found, all users can do is take precautions.

