[TheRecord] New FontOnLake Linux malware used in targeted attacks

Analysts from Slovak security firm ESET said they uncovered a new malware strain that targets Linux systems, which, based on current evidence, they believe was used in a handful of targeted attacks.

The malware has been named FontOnLake, and researchers said its operators have been “particularly cautious” when deploying the tool in attacks.

“The first known file of this malware family appeared on VirusTotal last May and other samples were uploaded throughout the year,” said ESET malware analyst Vladislav Hrčka.

“The location of the C&C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include Southeast Asia,” he added.

At the time of writing, all the command-and-control (C&C) servers were down, a pattern typical of operations aimed at a small number of targets, where the operators take down their infrastructure once their goals are met.

A more in-depth technical analysis of FontOnLake is available in a PDF report released today by ESET; a summary of the findings follows:

- FontOnLake’s primary role is to provide remote access to hacked systems.
- It is built around a modular architecture.
- The modules are custom-made and well-designed.
- The modules have received upgrades, meaning that their creators are actively maintaining the malware.
- One of the modules is a rootkit component, which the malware uses to gain reboot persistence and full control over an infected system.
- Other modules are trojanized versions of common Linux binaries, deployed on the hacked system to gather and exfiltrate local credentials and other sensitive information.
- Other modules act as backdoors that facilitate access to the infected system in order to run commands, interact with local files, and control the malware itself.
- To bypass firewalls and other security systems, FontOnLake can also turn infected hosts into proxy servers.
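Because one of FontOnLake’s techniques is replacing common Linux binaries with trojanized copies, the check a responder wants first is an integrity comparison of package-managed files against a trusted manifest. The script below is an added example, not code from ESET or The Record: it parses a digest manifest in the two-column layout used by `sha256sum` and dpkg’s `*.md5sums` files (the example assumes SHA-256 digests), walks a file tree, and reports each file as ok, modified, or missing. The fixture it runs against is constructed inside a temporary directory, with one “binary” tampered with and one deleted after the manifest was captured, so it runs offline.

```python
"""Verify package-managed binaries against a trusted digest manifest.

Added example (not ESET's or The Record's code). Manifest lines are
"<hex digest>  <relative path>", the layout written by sha256sum and by
dpkg's /var/lib/dpkg/info/<pkg>.md5sums; SHA-256 is assumed here.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse '<digest>  <relative path>' lines into {path: digest}.
    Blank lines and '#' comments are ignored."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        manifest[rel.strip()] = digest.lower()
    return manifest


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare every manifest entry with the file under root.
    Returns {relative path: 'ok' | 'modified' | 'missing'}."""
    results = {}
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            results[rel] = "missing"
        elif sha256_file(path) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def suspicious(results: dict) -> list:
    """Sorted list of paths that did not verify clean."""
    return sorted(rel for rel, state in results.items() if state != "ok")


def build_demo() -> tuple:
    """Constructed fixture (hypothetical, not real samples): a fake package
    root with three tiny 'binaries'. The manifest is captured while they are
    clean; then bin/sshd is overwritten with a 'trojanized' copy and bin/ps
    is deleted, mimicking a replaced binary and a removed one."""
    root = Path(tempfile.mkdtemp(prefix="integrity-demo-"))
    clean = {
        "bin/sshd": b"\x7fELF clean sshd\n",
        "bin/ps": b"\x7fELF clean ps\n",
        "bin/ls": b"\x7fELF clean ls\n",
    }
    for rel, data in clean.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    manifest_text = "\n".join(f"{sha256_file(root / rel)}  {rel}" for rel in clean)
    (root / "bin/sshd").write_bytes(b"\x7fELF trojanized sshd that logs passwords\n")
    (root / "bin/ps").unlink()
    return root, manifest_text


def run_demo() -> dict:
    """Build the fixture and verify it; returns the per-file verdicts."""
    root, manifest_text = build_demo()
    return verify_tree(root, parse_manifest(manifest_text))


if __name__ == "__main__":
    for rel, state in sorted(run_demo().items()):
        print(f"{state:9s} {rel}")
```

Two caveats matter in practice. First, the manifest must come from a trusted source (the distribution’s signed package, or a hash database captured before the incident), because an attacker with root can rewrite the on-disk dpkg or rpm database as easily as the binary. Second, FontOnLake ships a rootkit module, and a kernel-level rootkit can feed a userland checker the original file contents while the trojanized copy is what actually executes; run the comparison from a clean boot or by mounting the suspect disk on a known-good host.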

Additional analysis of this new stealthy malware is also available from Tencent, Avast, and Lacework, all of which encountered the threat over the summer, under names such as HCRootkit and Sutersu.

The post New FontOnLake Linux malware used in targeted attacks appeared first on The Record by Recorded Future.


You might be interested in …

[HackerNews] Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters


Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. “By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, […]


[HackerNews] New Ransomware Variants Flourish Amid Law Enforcement Actions


Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] […]


[ZDNet] Researchers turn the spotlight on the hidden workers of the cybercrime world


Phishing schemes, malware campaigns and other operations involve an array of workers beyond the criminal masterminds. Could giving them better opportunities for legitimate work help cut crime?
