According to Symantec’s experts, Lancefly’s approach is highly selective, with only a small number of machines being infected. The Merdoor malware boasts various functionalities, including self-installation as a service, keylogging capabilities, communication with the C2 server through different protocols such as HTTP, HTTPS, DNS, and the ability to listen for commands on a local port.
