LemonDuck malware has evolved into a versatile threat, targeting both Windows and Linux systems. It exploits SMB vulnerabilities, particularly EternalBlue, to gain network access. The malware uses brute-force attacks, creates hidden administrative shares, and executes malicious actions via batch files and PowerShell scripts. It ensures persistence through scheduled tasks, disables Windows Defender, and employs anti-detection mechanisms. The attack includes cryptomining, system compromise, and lateral movement. LemonDuck disguises itself as legitimate system services, manipulates firewall settings, and uses base64 encoding for obfuscation. It also utilizes Mimikatz for credential theft and employs multiple techniques for stealth and repeated execution.