Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers have been monitoring a spike in activity from the cryptocurrency-mining botnet Lemon Duck that began this August. Lemon Duck is a complex mining botnet that can tap into victims’ computer resources to mine the Monero virtual currency. Researchers warn that although the botnet has been active since December 2018, it has expanded its toolkit and continues to escalate its operations. An onslaught of attacks utilizing the botnet has been observed targeting Iran, Egypt, India, the Philippines, and Vietnam.
Cybersecurity research firm Cisco Talos has identified activity associated with the cryptocurrency botnet, stating that it is affecting companies in sectors such as government, retail, and technology. The most recent documented attacks using the Lemon Duck malware include modules loaded by the main PowerShell component and a module that spreads through email phishing campaigns with COVID-19 headlines.