Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH. Malware is known for targeting enterprise networks via brute force attacks or the SMB protocol using EternalBlue or EternalBlue. The malware has added a module that exploits the wormable wormable SMBGhost (CVE-2020-0796) Windows SMB Ghost Client/Server RCE vulnerability. It can also exploit servers running exposed Redis (REmote DIctionary Server) databases and Hadoop clusters managed using YARN.
Source: https://www.bleepingcomputer.com/news/security/lemon-duck-cryptominer-malware-now-targets-linux-devices/