FontOnLake malware strikes Linux systems in targeted attacks | ZDNet

A strain of malware that had previously gone undetected is being used in targeted attacks against Linux systems.

According to researchers at cybersecurity firm ESET, the malware, named FontOnLake, appears to be well designed and, while still under active development, already includes remote access functionality, credential theft features, and the ability to set up proxy servers.

FontOnLake samples first appeared on VirusTotal in May 2020, but the command-and-control (C2) servers linked to those files are now disabled, which the researchers say may be a consequence of the samples having been uploaded.

The researchers added that the Linux systems targeted by the malware may be located in areas including Southeast Asia.

ESET believes the operators are “overly cautious” about being caught and having their activities exposed, as almost all samples obtained use different C2 server addresses and a variety of ports. The malware’s authors write in C/C++ and make use of a number of third-party libraries such as Boost and Protobuf.

FontOnLake is modular malware that uses custom-built binaries to infect a machine and to execute malicious code. While ESET is still investigating FontOnLake, the firm says that its known components include trojanized applications, which are used to load backdoors and rootkits and to collect information.

“Patches of the applications are most likely applied on the source code level, which indicates that the applications must have been compiled and replaced the original ones,” the team says. 
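The replaced-binary technique described above is what package-manager and file-integrity checks exist to catch. The following shell script is an added example, not ESET's analysis code or anything from the FontOnLake samples: it verifies files against a known-good SHA-256 manifest and flags any that are missing or modified. The manifest format (hash, then path, one per line) and the constructed `bin/cat` and `bin/kill` files are assumptions made for the demonstration. On a real host the manifest would be generated from a trusted system, or replaced by the distribution's own package verification (`rpm -V` on RPM-based systems, `debsums` on Debian-based ones), which compares installed files against package metadata.

```shell
#!/bin/sh
# Added example (not from ESET or the FontOnLake samples): detect binaries that
# no longer match a known-good SHA-256 manifest, the kind of check that catches
# a recompiled, trojanized utility dropped over the original.

# Print the SHA-256 of one file, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_manifest MANIFEST
#   MANIFEST holds "sha256  /path/to/file" lines generated on a trusted system
#   (assumed format for this example). Prints one line per MISSING or MODIFIED
#   file and returns 0 only if every listed file matches its recorded hash.
verify_manifest() {
  vm_rc=0
  while read -r expected path; do
    [ -z "$path" ] && continue
    if [ ! -f "$path" ]; then
      echo "MISSING  $path"
      vm_rc=1
      continue
    fi
    actual=$(sha256_of "$path")
    if [ "$actual" != "$expected" ]; then
      echo "MODIFIED $path"
      vm_rc=1
    fi
  done < "$1"
  return $vm_rc
}

# demo: constructed scenario. Two fake "binaries" are recorded in a manifest,
# then one is overwritten to simulate a trojanized replacement. Expect exactly
# one MODIFIED line (for bin/cat) and a non-zero return status.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/bin"
  printf 'original cat\n'  > "$tmp/bin/cat"
  printf 'original kill\n' > "$tmp/bin/kill"
  for f in cat kill; do
    printf '%s  %s\n' "$(sha256_of "$tmp/bin/$f")" "$tmp/bin/$f"
  done > "$tmp/manifest.txt"

  printf 'trojanized cat\n' > "$tmp/bin/cat"    # attacker swaps in a rebuilt binary

  verify_manifest "$tmp/manifest.txt" && demo_rc=0 || demo_rc=$?
  rm -rf "$tmp"
  return $demo_rc
}

demo
```

`verify_manifest` is the reusable part; `demo` only builds the throwaway scenario. Note that a hash manifest is only as trustworthy as the system it was generated on, and that a kernel-mode rootkit of the kind described later in this article can lie to user-space tools about file contents, so a check like this belongs on a baseline taken before compromise or run from outside the suspect host.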

In total, three backdoors have been connected to FontOnLake. All three are written in C++ and open a connection to the same C2 server for data exfiltration; they also send “heartbeat” commands to keep that connection alive.

FontOnLake is always accompanied by a kernel-mode rootkit to maintain persistence on an infected Linux machine. According to Avast, the rootkit is based on the open-source Suterusu project.

Tencent and Lacework Labs have also published research on what appears to be the same malware strain. ESET has released a technical whitepaper (.PDF) examining FontOnLake.
