Cisco's cyberthreat division Talos has revealed increased activity by the Lemon Duck botnet, which allows attackers to mine Monero cryptocurrency.
Researchers first recorded the malware back in December 2018, but have drawn attention to its increased activity since the end of March 2020.
Lemon Duck uses at least 12 different infection vectors and can infect both Windows and Linux systems. Among other things, the botnet spreads via email. Often, the subject of the infected emails is related to the coronavirus. These emails contain malicious attachments, which are automatically sent by Microsoft Outlook to all contacts of the infected user.
Once installed, the botnet shuts down some services and loads additional tools for hidden Internet connections. Most of the Lemon Duck victims are from Iran, Egypt, the Philippines, Vietnam and India.