Intezer's security researchers have discovered that a cryptocurrency mining botnet has recently added a scanner to the BlueKeep RDP protocol vulnerability. The botnet is called WatchBog and has been active since the end of 2018, previously targeting only Linux systems. Since the beginning of June, this malware has infected more than 4,500 Linux machines and is largely undiscovered. It now appears that its operators are looking to expand its reach. The organization has been targeting known vulnerabilities in Linux systems and has recently expanded its list of implants to more servers.