A new campaign has been found using a previously unknown Linux malware family, FontOnLake. It gives its operators remote access to the infected machine.
Making the headlines
- The malware is notable for its stealth and for the sophistication of its design.
- The first known sample was uploaded to VirusTotal in May of last year (2020), which suggests the malware has been used in intrusions since at least then.
- Judging by the C&C servers and the countries from which the samples were uploaded, researchers suspect the malware has been used to target Linux users in Southeast Asia.
FontOnLake was tracked by Avast and Lacework Labs under a different name, HCRootkit.
Technical details and detection evasion
- The malware has three components: trojanized versions of genuine Linux utilities, rootkits, and user-mode backdoors. The components communicate with one another through virtual files.
- The C++ implants are built to monitor systems, covertly execute commands on the network, and steal account credentials.
- The trojanized binaries are used to collect data and to load the other components.
- Because the trojanized utilities are tools that are routinely executed on Linux systems, they also double as a persistence mechanism: the malicious code runs whenever the legitimate tool is invoked.
- The attackers rely on different, unique C2 servers listening on varying non-standard ports, which leaves fewer tracks and makes indicators harder to reuse across victims.
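One practical check against the trojanized-utility component is to compare the system's binaries against hashes captured from a trusted copy. The script below is added here as an example; it is not code from the article or from ESET, Avast or Lacework, and the `bin/cat` and `bin/kill` files it builds are a constructed stand-in for a real `/usr/bin`. It does the same job as `dpkg --verify` or `rpm -Va`, but without trusting the local package database, which an attacker with root can rewrite.

```shell
#!/bin/sh
# Added example (not code from the article or from ESET, Avast or Lacework):
# an offline integrity check for the kind of system utilities FontOnLake
# replaces. A SHA-256 manifest is captured from a trusted copy of the
# binaries and later compared against a suspect tree.

# sha256_of FILE -> hex digest on stdout (GNU coreutils or BSD shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_manifest ROOT PATH... -> "<digest>  <relative path>" per file on stdout.
# Run this against a trusted source (install media, a golden image), never
# against the host you are about to examine.
make_manifest() {
    root="$1"; shift
    for p in "$@"; do
        printf '%s  %s\n' "$(sha256_of "$root/$p")" "$p"
    done
}

# check_manifest MANIFEST ROOT
# Prints one line per missing or modified file. Returns 0 when everything
# matches, 1 when any listed file differs or is absent.
check_manifest() {
    manifest="$1"; root="$2"; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        have=$(sha256_of "$root/$path")
        if [ "$have" != "$want" ]; then
            echo "MODIFIED $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# demo_trojanized_cat: constructed scenario, not a real sample. Builds a fake
# bin/ tree standing in for /usr/bin, records a manifest, then appends a
# loader stub to "cat" the way a trojanized utility carries extra code, and
# re-checks. Returns 0 when the clean tree passes and the tampered tree is
# flagged on exactly the modified file.
demo_trojanized_cat() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/bin"
    printf 'genuine cat\n'  > "$work/bin/cat"
    printf 'genuine kill\n' > "$work/bin/kill"
    make_manifest "$work" bin/cat bin/kill > "$work/manifest"

    clean=0
    check_manifest "$work/manifest" "$work" >/dev/null || clean=$?

    # "Trojanize" cat: the legitimate tool now carries a component loader.
    printf 'load_rootkit_component\n' >> "$work/bin/cat"
    tampered=0
    out=$(check_manifest "$work/manifest" "$work") || tampered=$?

    rm -rf "$work"
    [ "$clean" -eq 0 ] && [ "$tampered" -eq 1 ] &&
        [ "$out" = "MODIFIED bin/cat" ]
}

if demo_trojanized_cat; then
    echo "ok: trojanized bin/cat flagged, clean tree passed"
else
    echo "demo failed"
fi
```

Capture the manifest from install media or a golden image, and run the check from a rescue boot rather than on the live host: a kernel rootkit of the kind bundled with FontOnLake can intercept file reads, so hashes computed on the running system may not reflect what is actually on disk. `sha256sum -c manifest` gives the same per-file verdict; the functions above are written out so that the trusted-source step and the handling of missing files are explicit.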
FontOnLake is a well-designed, feature-rich malware family built by skilled and sophisticated attackers. Security teams are advised to proactively prepare their defenses against this threat.