The infamous cross-platform LemonDuck crypto-mining malware has continued to refine and improve upon its techniques to strike both Linux and Windows OSes by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.

"LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations," Microsoft said in a technical write-up published last week. "Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity."

The malware is notorious for its ability to propagate rapidly across an infected network to facilitate information theft and turn the machines into cryptocurrency mining bots by diverting their computing resources to illegally mine cryptocurrency. Notably, LemonDuck acts as a loader for follow-on attacks that involve credential theft and the installation of next-stage implants that could act as a gateway to a variety of malicious threats, including ransomware.