[TheRecord] New FontOnLake Linux malware used in targeted attacks

Analysts from Slovak security firm ESET said they uncovered a new malware strain that targets Linux systems, which, based on current evidence, they believe was used in a handful of targeted attacks.

ESET named the malware FontOnLake, and researchers said its operators have been “particularly cautious” when deploying the tool in attacks.

“The first known file of this malware family appeared on VirusTotal last May and other samples were uploaded throughout the year,” said ESET malware analyst Vladislav Hrčka.

“The location of the C&C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include Southeast Asia,” he added.

At the time of writing, all the command-and-control (C&C) servers were down, which is typical of campaigns against a small number of targets, where operators take down their infrastructure once their goals are met.

A more in-depth technical analysis of the FontOnLake malware is available in a PDF report released today by ESET; a summary of the findings follows:

- FontOnLake’s primary role is to provide remote access to hacked systems.
- It is built around a modular architecture.
- The modules are custom-made and well-designed.
- The modules have received upgrades, meaning that their creators are actively maintaining the malware.
- One of the modules is a rootkit component, which the malware uses to gain reboot persistence and full control over an infected system.
- Other modules are trojanized versions of common Linux binaries, deployed on the hacked system to gather and exfiltrate local credentials and other sensitive information.
- Other modules act as backdoors that facilitate access to the infected system in order to run commands, interact with local files, and control the malware itself.
- To bypass firewalls and other security systems, FontOnLake can also turn infected hosts into proxy servers.
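The “trojanized versions of common Linux binaries” point is the one a defender can act on most directly: a replaced binary changes its content hash even when the attacker preserves size-like appearances and permissions. The script below is an added example, not code from ESET, The Record, or the FontOnLake report, showing a baseline-and-verify integrity check over a set of binaries. The file names used in the demo (`ssh`, `sshd`, `ps`) are constructed stand-ins created in a temporary directory; the page does not say which binaries FontOnLake impersonates, so that list is an assumption for illustration only.

```python
"""Baseline-and-verify integrity check for system binaries.

Added example for the FontOnLake article; not ESET's or the malware's code.
Records SHA-256, size and mode for each path, then reports files that were
modified (replaced contents or permissions) or removed since the baseline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _snapshot(path):
    """Content digest plus the metadata a trojanized replacement must also match."""
    st = os.stat(path)
    return {"sha256": sha256_file(path), "size": st.st_size, "mode": st.st_mode & 0o7777}


def build_baseline(paths):
    """Snapshot every existing regular file in `paths`; non-files are skipped."""
    baseline = {}
    for p in paths:
        p = str(p)
        if os.path.isfile(p):
            baseline[p] = _snapshot(p)
    return baseline


def verify(baseline):
    """Compare the current state of each baselined path against its recorded snapshot."""
    report = {"modified": [], "missing": [], "unchanged": []}
    for p, recorded in baseline.items():
        if not os.path.isfile(p):
            report["missing"].append(p)
        elif _snapshot(p) == recorded:
            report["unchanged"].append(p)
        else:
            report["modified"].append(p)
    for bucket in report.values():
        bucket.sort()
    return report


def run_demo():
    """Constructed scenario (assumed names, not real system files):
    three fake binaries are baselined, then one is replaced with different
    contents and one is deleted, as an implant swapping or removing tools might do."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        originals = {
            "ssh": b"#!/bin/sh\necho genuine ssh\n",
            "sshd": b"#!/bin/sh\necho genuine sshd\n",
            "ps": b"#!/bin/sh\necho genuine ps\n",
        }
        for name, body in originals.items():
            (root / name).write_bytes(body)
            os.chmod(root / name, 0o755)

        baseline = build_baseline(root / name for name in originals)

        # Simulated tampering: same path and mode, different contents; and a removal.
        (root / "ssh").write_bytes(b"#!/bin/sh\necho trojanized ssh\n")
        (root / "ps").unlink()

        report = verify(baseline)
        # Report basenames so the result is independent of the temp directory.
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    for bucket, names in run_demo().items():
        print(f"{bucket}: {names}")
```

Caveat: FontOnLake ships a kernel rootkit module, and a rootkit can lie to `stat()` and `read()` for the very files it protects, so a check like this is only trustworthy when run from a trusted boot medium or against an image taken offline. On a live host, cross-check against package-manager manifests (`dpkg --verify` on Debian-based systems, `rpm -Va` on RPM-based ones) and keep the baseline somewhere the host cannot rewrite.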

Additional analysis of this new stealthy malware is also available from Tencent, Avast, and Lacework, all of which encountered the threat over the summer under names such as HCRootkit and Sutersu.

The post New FontOnLake Linux malware used in targeted attacks appeared first on The Record by Recorded Future.
