Cryptocurrency mining botnet activity is spiking, researchers warn
Cisco Talos researchers warn that activity by the Lemon Duck cryptocurrency mining botnet has spiked in the past six weeks.
Thu, 15 Oct 2020, 07:15 am UTC
Researchers have issued a warning about a dramatic rise in the activity of Lemon Duck, a cryptocurrency mining botnet. The team of experts noted that activity by the botnet, which hijacks its victims’ computing resources to mine Monero (XMR), has spiked since August 2020.
While the Lemon Duck cryptocurrency mining botnet has been around since December 2018, researchers have noted a big jump in activity over the past six weeks, according to Cointelegraph. This suggests that the malware has infected more computers and is using them to mine Monero without their owners’ knowledge.
“Although this threat has been active since at least the end of December 2018, we have noticed an increase in its activity at the end of August 2020,” researchers from Cisco Talos wrote in a report published on Tuesday, October 13.
While the Cisco Talos experts were able to detect the botnet’s activity, it is hard for the average computer user to spot. “Cisco Talos recently recorded increased activity of the Lemon Duck cryptocurrency-mining botnet using several techniques likely to be spotted by defenders, but are not immediately obvious to end-users,” the researchers added.
The report also included a graph of the geographic distribution of the crypto mining botnet’s activity, which mostly targeted Asian countries. India, Iran, the Philippines, Vietnam, and Egypt are the countries with the densest concentration of the malware’s activity.
The malware appears to target systems running Windows 10 by exploiting vulnerabilities in its system services. It spreads mainly through emails with a COVID-19-related subject line. Once the recipient opens the attached files, the system becomes infected, and the malware then uses Outlook to send copies of the email to everyone in the user’s contact list.
The researchers wrote that the emails contain an RTF document named readme.doc, which exploits a remote code execution vulnerability in the operating system. The second file, named readme.zip, runs a script that downloads the Lemon Duck malware.
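As an added example (my own code, not from the article or from Cisco Talos), the following Python triage filter encodes the delivery chain just described as mail-log heuristics: a COVID-19 themed subject, a readme.doc whose content is actually RTF, a readme.zip dropper, and one mailbox resending the lure to many contacts. The class and function names, the keyword list and the recipient threshold are my own assumptions, and the sample messages in the test are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Heuristics for the delivery chain described in the article (assumed names):
# COVID-19 subject, RTF presented as readme.doc, readme.zip dropper, resends.
COVID_SUBJECT = re.compile(r"covid[- ]?19|coronavirus", re.IGNORECASE)
RTF_MAGIC = b"{\\rtf"  # RTF files begin with this, whatever their extension

@dataclass
class Attachment:
    name: str
    head: bytes  # first few bytes of the attachment's content

@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    attachments: list = field(default_factory=list)

def attachment_reason(att):
    """Return why an attachment looks like the Lemon Duck lure, or None."""
    name = att.name.lower()
    if name.endswith(".doc") and att.head.startswith(RTF_MAGIC):
        return "rtf-disguised-as-doc"  # extension/content mismatch
    if name == "readme.zip":
        return "readme-zip-dropper"
    return None

def message_reasons(msg):
    reasons = []
    if COVID_SUBJECT.search(msg.subject):
        reasons.append("covid-subject")
    reasons += [r for r in map(attachment_reason, msg.attachments) if r]
    return reasons

def is_lure(msg):
    """Require the themed subject plus a suspicious attachment to cut noise."""
    reasons = message_reasons(msg)
    return "covid-subject" in reasons and len(reasons) > 1

def propagation_suspects(messages, min_recipients=10):
    """Senders whose lures hit many distinct recipients: likely Outlook resends."""
    seen = defaultdict(set)
    for m in messages:
        if is_lure(m):
            seen[m.sender].update(m.recipients)
    return sorted(s for s, rcpts in seen.items() if len(rcpts) >= min_recipients)
```

A real deployment would read attachment names and leading bytes from the mail gateway's logs or quarantine store; the filter only needs the first few bytes of each file.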
Cryptojacking malware can also cause physical damage to hardware. By constantly running its mining process in the background, it increases power consumption and generates more heat than usual, which could even lead to a fire.
Copyright © TokenPost. All Rights Reserved.