Cisco's cyberthreat division, Talos, has discovered increased activity by the Lemon Duck botnet. Attackers use it to mine the Monero cryptocurrency with the computing power of infected devices.
Researchers recorded the malicious software back in December 2018; however, they drew attention to its increased activity since the end of March 2020. Lemon Duck uses at least 12 different infection vectors and can infect both Windows and Linux systems. Among other things, the botnet spreads via emails, whose subject is often related to the coronavirus. They contain malicious attachments that are automatically sent by Microsoft Outlook to all contacts of the infected user.
Once installed, the botnet shuts down a number of services and loads other tools for hidden network connections. Most Lemon Duck victims are in Iran, Egypt, the Philippines, Vietnam and India.
Recall that in July, Talos specialists identified the Prometei botnet, which infected about 5,000 computers for hidden Monero mining.