The cryptocurrency-mining malware known as Lemon_Duck has been overhauled to extend its reach and add more capable intrusion techniques.
After the update, the threat can break into Linux servers by brute-forcing SSH logins, infect Windows machines through the SMBGhost flaw (CVE-2020-0796), and compromise exposed Redis and Hadoop servers.
Discovered by cybersecurity firm Trend Micro in 2019, Lemon_Duck focuses on compromising enterprise networks. It gains a foothold in corporate environments by brute-forcing MS SQL access credentials or via the EternalBlue exploit (CVE-2017-0144), which abuses a flaw in SMBv1, the first version of the Server Message Block (SMB) file-sharing protocol. Once it has infiltrated a vulnerable host, the malware downloads a copy of XMRig, an open-source Monero CPU miner, and burns the machine's processor time mining cryptocurrency for the operators.
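Both of the Lemon_Duck entry points named above for Linux and for MS SQL are credential brute force, and the cheapest place to catch that is the authentication log. The following is an added illustration, not code from the article, from Trend Micro or from the malware itself: it reads OpenSSH `sshd` lines in the default syslog format, flags a source address that produces a burst of failed passwords inside a short window, and separately flags a password login that succeeds from an address that has already been flagged, which is the case to treat as a likely compromise rather than background noise. The log lines, the year (syslog lines carry none), the threshold of 5 failures and the 60-second window are all assumptions for the example and should be tuned to your hosts.

```python
"""Flag SSH password brute-force bursts in OpenSSH auth log lines.

Added example for this article: not Lemon_Duck code and not a signature
for it. Threshold, window, year and the sample lines are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (RFC 5737 test addresses), syslog format
# without a year, as OpenSSH writes them on most distributions.
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[4011]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:02 web1 sshd[4013]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 12:00:03 web1 sshd[4015]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 10 12:00:04 web1 sshd[4017]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jan 10 12:00:05 web1 sshd[4019]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jan 10 12:00:07 web1 sshd[4021]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jan 10 12:30:00 web1 sshd[4101]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 10 12:31:00 web1 sshd[4103]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2
"""

# Matches the "Failed"/"Accepted" lines only; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2021):
    """Parse one sshd auth line into a dict, or None if it is not an auth result.

    `year` is an assumption: syslog-style timestamps do not carry one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return a list of findings in log order.

    kind == "burst": at least `threshold` failed passwords from one source
    address inside `window_s` seconds (reported once per address).
    kind == "success_after_burst": a password login succeeded from an
    address that already produced a burst; treat as probable compromise.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bursting = set()              # ips already reported as a burst
    findings = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        ip, q = ev["ip"], recent[ev["ip"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in bursting:
                bursting.add(ip)
                findings.append({"ip": ip, "kind": "burst",
                                 "failures": len(q), "ts": ev["ts"]})
        elif ev["method"] == "password" and ip in bursting:
            # Key-based logins are not flagged: they are not brute-forceable
            # the way passwords are, and they would only add noise here.
            findings.append({"ip": ip, "kind": "success_after_burst",
                             "user": ev["user"], "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f)
```

Run against the constructed sample, the first address is reported as a burst at its fifth failure and again when the password login for `root` succeeds two seconds later; `alice`'s single failure followed by a public-key login produces nothing. In production you would feed this from `journalctl -u ssh` or `/var/log/auth.log` and pair the `success_after_burst` finding with a check for a freshly spawned miner process, since a successful brute-force login is exactly the point at which this family drops XMRig.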