LemonCat Malware Executes Devastating Attacks, Carries the Ramnit Trojan
The Lemon Duck Malware has been around since 2019. It is still known for being part of one of the largest cryptojacking campaigns in recent years and, unfortunately, it seems like the criminals behind it are not satisfied yet. Their name was recently linked to another malware family that shows similar functionality. The threat, dubbed LemonCat Malware, also has additional features, and because of them it might end up surpassing its predecessor.
Lemon_Duck Malware Gang Unleashes the LemonCat Malware
Cybersecurity researchers are 100% positive that both projects belong to the same gang because they share the same network infrastructure, as well as names of internal functions and components. Furthermore, both campaigns rely on similar techniques to reach their targets.
But what does the LemonCat Malware have that is better than its predecessor? According to researchers, it has the ability to deploy additional malware on compromised systems, as well as to log keystrokes, spy on users, and exfiltrate data or credentials. Its features are similar to the ones you would find in high-profile backdoor Trojans. Allegedly, the first attacks to involve the LemonCat Malware can be traced back to January 2021.
Although the LemonCat Malware is perfectly capable of handling attacks on its own, it seems that its operators often rely on third-party payloads to gain more access to the systems they compromise. Their choice of implant is also peculiar: many of the LemonCat-infected systems also had the Ramnit Trojan active.
Spearphishing Emails Used to Spread the LemonCat Malware
The methods used to propagate the LemonCat Malware are likely to be similar to the ones spotted in the Lemon Duck campaigns. The criminals target both Linux and Windows operating systems, and they target a broad range of vulnerabilities in those operating systems and their accompanying software. Victims are typically approached through phishing emails covering a wide range of topics such as delivery services, COVID-19, the World Health Organization (WHO), and others.
The way that the Lemon Duck gang has evolved is spectacular, but their implant is not unstoppable. Users who invest in reputable antivirus products should be safe from an eventual LemonCat Malware attack.