LemonCat Malware Executes Devastating Attacks, Carries the Ramnit Trojan

The Lemon Duck Malware has been around since 2019. It is still known for being part of one of the largest cryptojacking campaigns in recent years and, unfortunately, it seems like the criminals behind it are not satisfied yet. Their name was recently linked to another malware family that shows similar functionality. The threat, dubbed LemonCat Malware, actually has additional features as well. In fact, it might end up surpassing its predecessor, considering the inclusion of new functionality.

Lemon_Duck Malware Gang Unleashes the LemonCat Malware

Cybersecurity researchers are 100% positive that both projects belong to the same gang because they share the same network infrastructure, as well as names of internal functions and components. Furthermore, both campaigns rely on similar techniques to reach their targets.

But what does the LemonCat Malware have that is better than its predecessor? According to researchers, it has the ability to deploy additional malware on compromised systems, as well as to log keystrokes, spy on users, and exfiltrate data or credentials. Its features are similar to the ones you would find in high-profile backdoor Trojans. Allegedly, the first attacks to involve the LemonCat Malware can be traced back to January 2021.

Although the LemonCat Malware is perfectly capable of handling attacks on its own, it seems that its operators often rely on third-party payloads to gain more access to the systems they compromise. Their choice of implant is also peculiar: many of the LemonCat-infected systems also had the Ramnit Trojan active.

Spearphishing Emails Used to Spread the LemonCat Malware

The methods used to propagate the LemonCat Malware are likely to be similar to the ones spotted in the Lemon Duck campaigns. The criminals target both Linux and Windows operating systems, and they exploit a broad range of vulnerabilities in those operating systems and the accompanying software. Victims are typically approached through phishing emails covering a wide range of topics such as delivery services, COVID-19, the World Health Organization (WHO), and others.

The way that the Lemon Duck gang has evolved is spectacular, but their implant is not unstoppable. Users who invest in reputable antivirus products should be safe from an eventual LemonCat Malware attack.

July 26, 2021