‘FontOnLake’ Malware Family Targets Linux Systems
A previously unknown malware family dubbed FontOnLake is targeting systems running Linux, ESET researchers found.
FontOnLake uses “custom and well-designed modules,” malware analyst Vladislav Hrčka wrote in a blog post on the finding. Modules used by the malware family “are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server,” he wrote.
The first known FontOnLake file appeared on VirusTotal in May 2020, and other samples were uploaded throughout the year. Both the location of its command-and-control server and the countries from which samples were uploaded to VirusTotal may indicate that the attackers’ targets include Southeast Asia.
“We believe that FontOnLake’s operators are particularly cautious since almost all samples seen use unique [C2] servers with varying non-standard ports,” Hrčka wrote.
The malware family’s known components include Trojanized applications, backdoors, and rootkits, which interact with one another. Researchers found several Trojanized applications, mostly used to load custom backdoor or rootkit modules. The three backdoors discovered are written in C++; the functionality they have in common is that each exfiltrates collected credentials and its bash command history to the C2 server. Researchers found two “slightly different” versions of the rootkit, used one at a time, in each of the three backdoors.
Read ESET’s full blog post for more details.