Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails


Malware authors continue to take advantage of the coronavirus pandemic to propagate threats. In a recent related campaign, we have come across a PowerShell script (mailer script) that distributes the Lemon Duck cryptominer through a new propagation method: Covid-19-themed emails with weaponized attachments. These emails are delivered to all Microsoft Outlook contacts of the user of a compromised machine, as similarly observed by SANS Internet Storm Center.

Once the users’ devices are compromised by the mailer script, the users’ Microsoft Outlook accounts will send out emails with malicious attachments to their contacts. If the receivers of these emails download and execute the attachments, Lemon Duck cryptominer will get into their devices.

 

Read more…
Source: Trend Micro