Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

The evidence that Lemon Duck's rollout is succeeding is a sharp uptick in its command-and-control (C2) traffic. If you see suspicious use of computing resources on your network, look for mining activity…:

[…] Lemon Duck has at least 12 independent infection vectors – more than most malware. These capabilities range from Server Message Block (SMB) and Remote Desktop Protocol (RDP) password brute-forcing and sending emails with exploit attachments, to targeting the RDP BlueKeep flaw (CVE-2019-0708) on Windows machines, or targeting vulnerabilities in Redis (an open-source, in-memory data structure store used as a database, cache and message broker) and YARN Hadoop (a resource-management and job-scheduling technology) on Linux machines.
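The quoted text lists SMB and RDP password brute-forcing among the infection vectors. A practical first check for that vector is to watch Windows Security event 4625 (failed logon) and flag any source that piles up failures against the network (SMB, logon type 3) or RemoteInteractive (RDP, logon type 10) logon paths. The script below is an added example written for this page, not code from the original post or from any Lemon Duck research; the log lines are constructed, the pipe-separated layout is a simplification of the real event fields, and the five-failures-in-two-minutes threshold is an assumption rather than a published signature.

```python
"""Added example (not from the original post or from Lemon Duck research):
flag RDP/SMB password brute-forcing from simplified Windows event 4625 logs.

Assumptions: log lines are constructed, pipe-separated as
  timestamp|event_id|logon_type|source_ip|target_user
and the alert threshold/window are illustrative, not a published signature.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event 4625 logon types that an SMB (network) or RDP (RemoteInteractive)
# authentication attempt produces. Console (type 2) and others are ignored.
LOGON_TYPE_SERVICE = {3: "SMB", 10: "RDP"}

# Assumed thresholds: this many failures from one source inside the window.
FAILURE_THRESHOLD = 5
WINDOW_SECONDS = 120

# Constructed sample log: one RDP password spray from 10.0.0.5, two widely
# spaced SMB failures from 10.0.0.9, a successful logon, and a console failure.
CONSTRUCTED_LOG = """\
2021-05-01T10:00:01|4625|10|10.0.0.5|administrator
2021-05-01T10:00:02|4625|10|10.0.0.5|admin
2021-05-01T10:00:03|4625|10|10.0.0.5|user
2021-05-01T10:00:04|4625|10|10.0.0.5|guest
2021-05-01T10:00:05|4625|10|10.0.0.5|sa
2021-05-01T10:00:06|4625|10|10.0.0.5|test
2021-05-01T10:00:07|4625|3|10.0.0.9|alice
2021-05-01T10:03:00|4625|3|10.0.0.9|alice
2021-05-01T10:00:08|4624|10|10.0.0.7|bob
2021-05-01T10:10:00|4625|2|10.0.0.5|console
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, event_id, logon_type, src, user = line.strip().split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "src": src,
        "user": user,
    }


def detect_bruteforce(log_text, threshold=FAILURE_THRESHOLD,
                      window_seconds=WINDOW_SECONDS):
    """Return {(source_ip, service): peak_failures} for every source whose
    failed SMB/RDP logons reached `threshold` within a sliding window of
    `window_seconds`. Events are processed in timestamp order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, service) -> failure timestamps in window
    alerts = {}
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    for e in events:
        if e["event_id"] != 4625:
            continue              # only failed logons count
        service = LOGON_TYPE_SERVICE.get(e["logon_type"])
        if service is None:
            continue              # console and other logon types are out of scope
        key = (e["src"], service)
        q = recent[key]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


if __name__ == "__main__":
    for (src, service), n in sorted(detect_bruteforce(CONSTRUCTED_LOG).items()):
        print(f"possible {service} brute force from {src}: {n} failures in window")
```

On the constructed log only 10.0.0.5 trips the RDP rule; the two SMB failures from 10.0.0.9 are nearly three minutes apart and stay under the window, which is the kind of low-and-slow pattern you would need a longer window or a per-account view to catch. The same logic applies to real 4625 events once the fields are pulled from the event XML.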


