Lemon_Duck

Lemon_Duck Description

Lemon_Duck is a worm and cryptocurrency-mining Trojan that hijacks your PC's CPU for generating cryptocurrency. Lemon_Duck contains robust support for self-distribution, and, in particular, can infect removable devices and travel throughout vulnerable networks laterally. Isolate compromised systems and have a trusted anti-malware product remove Lemon_Duck safely in all circumstances.

This Program's a Bit of a Lemon

A threat that's been mining its way through Asia is turning its sights further abroad, as the cyber-security industry is confirming its presence on multiple enterprise-grade networks around the world. Malware experts are finding that Lemon_Duck encapsulates many of the most popular trends in forced cryptocurrency mining, which it supplements with substantial capability for self-propagation. The worm is PowerShell-based and, like many miners, takes advantage of security missteps by its victims.

Lemon_Duck uses brute-force attacks for cracking logins via a pair of dictionaries. However, it also exploits EternalBlue, the well-known SMB protocol attack that is a part of campaigns of threats such as Smominru, Plurox and Beapy. These spreading mechanisms target whatever vulnerable ports and IP addresses the worm finds at random. Lastly, Lemon_Duck will drop copies of itself onto removable USB devices, generate corrupted startup files and spread throughout local networks.

This multi-pronged approach to the worm's distribution supports a conventional money-making payload of cryptocurrency mining. Lemon_Duck mines with what malware experts determine is a secondary module, possibly a variant of XMRig, and limits itself to CPU-based mining. This restriction both guarantees Lemon_Duck's compatibility with a range of hardware and avoids symptoms that users would be more likely to notice.

Teaching Ducks to Fly Off

Lemon_Duck prefers business networks for its 'home.' However, this choice seems based on the convenience of finding vulnerabilities and infecting networked systems en masse, rather than compromising valuable corporate data. Nonetheless, its mere presence is a security threat that requires all due diligence from network administrators.

Malware experts recommend avoiding sharing removable devices and disabling all network connections as the first step with any worm, particularly this one. Users can also install patches that eliminate the most well-known vulnerabilities and make a point of using passwords that are unlikely to appear in black hat dictionaries. As always, cryptocurrency mining has the potential to cause hardware damage or performance issues, depending on the configuration.

Lemon_Duck is receiving routine updates that expand the feature set with 'borrowed' attacks from other sources, such as a 'pass the hash' NTLM technique, and it may express features beyond those outlined here. Still, most anti-malware solutions should remove Lemon_Duck and block its modules and scripts appropriately.
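
A defender-side way to surface the dictionary brute-forcing described above, as an added example rather than code from the original write-up: it flags a source that fails logons against several accounts within a short window and then succeeds. The log line format, thresholds and sample events are assumptions constructed for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident).
# Assumed line format: "<ISO time> EventID=<id> src=<ip> user=<name>"
SAMPLE_LOG = """\
2019-10-07T09:00:01 EventID=4625 src=10.0.5.23 user=administrator
2019-10-07T09:00:02 EventID=4625 src=10.0.5.23 user=administrator
2019-10-07T09:00:03 EventID=4625 src=10.0.5.23 user=admin
2019-10-07T09:00:04 EventID=4625 src=10.0.5.23 user=admin
2019-10-07T09:00:05 EventID=4625 src=10.0.5.23 user=user
2019-10-07T09:00:06 EventID=4625 src=10.0.5.23 user=user
2019-10-07T09:00:07 EventID=4624 src=10.0.5.23 user=admin
2019-10-07T09:05:00 EventID=4625 src=10.0.5.40 user=jsmith
2019-10-07T09:05:10 EventID=4624 src=10.0.5.40 user=jsmith
"""

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) src=(\S+) user=(\S+)$")

def parse(log):
    """Yield (time, event_id, source, user) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), int(m[2]), m[3], m[4].lower()

def detect_bruteforce(log, window=timedelta(seconds=60), min_failures=5, min_users=3):
    """Return {source: {"failures": n, "users": set, "compromised": [users]}}."""
    failures = defaultdict(list)  # source -> [(time, user)] inside the window
    alerts = {}
    for ts, event_id, src, user in sorted(parse(log)):
        # Drop failures that have aged out of the sliding window.
        recent = [(t, u) for t, u in failures[src] if ts - t <= window]
        failures[src] = recent
        if event_id == 4625:
            recent.append((ts, user))
            users = {u for _, u in recent}
            # Many failures spread over several accounts suggests a dictionary run.
            if len(recent) >= min_failures and len(users) >= min_users:
                a = alerts.setdefault(src, {"failures": 0, "users": set(), "compromised": []})
                a["failures"] = max(a["failures"], len(recent))
                a["users"] |= users
        elif event_id == 4624 and src in alerts and recent:
            # A success right after a flagged burst: treat the account as guessed.
            alerts[src]["compromised"].append(user)
    return alerts
```

A single mistyped password followed by a success, as with the second source in the sample, stays below the thresholds and is not reported.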

Lemon_Duck is leaving a sour taste in the mouths of network users worldwide, but they share some of the blame for the situation. Keeping ports open and using lazy passwords are welcoming doormats to any Trojan that comes knocking, looking for free cryptocurrency mills.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Lemon_Duck may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: October 7, 2019
