Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency.

Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with several interesting tricks up its sleeve. While the botnet has been active since at least the end of December 2018, researchers observed an increase in DNS requests connected with its command-and-control (C2) and mining servers since the end of August, in a slew of attacks centered on Asia (including ones targeting Iran, Egypt, Philippines, Vietnam and India).

“Cisco Talos has identified activity in our endpoint telemetry associated with Lemon Duck cryptocurrency mining malware, affecting three different companies in the government, retail, and technology sectors,” said researchers with Cisco Talos, in Tuesday research. “We observed the activity spanning from late March 2020 to present.”

More recent attacks have included less-documented modules that are loaded by the main PowerShell component – including a Linux branch and a module allowing further spread by sending emails to victims with COVID-19 lures.

Threatpost has reached out to researchers for further information about how many victims have been targeted and the extent to which the botnet’s operators have profited off of the cryptomining attacks.

#vulnerabilities #web security #amd #attack spike #bluekeep #botnet #brute force #cisco talos #covid-19 #cryptocurrency #cryptomining #dns #gtx #lemon duck #linux #monero #nvidia #rdp #windows