Experts warn of rising Lemon Duck botnet activity linked to Monero mining

Cisco’s Talos unit, specialising in cyber threats, discovered increased activity of the Lemon Duck botnet. Using it, attackers harness the processing power of infected devices to mine the cryptocurrency Monero.

Researchers first spotted the malware back in December 2018, but drew attention to its heightened activity from late March 2020.

Lemon Duck uses at least 12 different infection vectors and can affect systems running Windows as well as Linux.

Among other methods, the botnet spreads via email. Its subject lines are often related to the coronavirus. They contain malicious attachments, automatically sent via Microsoft Outlook to all contacts of the infected user.

After installation, the botnet terminates a number of services and loads other tools to establish covert connections to the network.

Most Lemon Duck victims are residents of Iran, Egypt, the Philippines, Vietnam and India.

Earlier in July, Talos researchers identified the Prometei botnet, which infected about 5,000 computers for covert Monero mining.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.