CxoToday
CxoToday
HomePress ReleaseESET Research uncovers FontOnLake, a Targeted malware attacking Linux 
Press Release

ESET Research uncovers FontOnLake, a Targeted malware attacking Linux 

CXOtoday News DeskCXOtoday News Desk

ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting operating systems running Linux. Modules used by this malware family, which ESET dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. The location of the C&C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include the Asian countries.

“The sneaky nature of FontOnLake’s tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks,” explains Vladislav Hrčka, ESET Malware Researcher who analyzed this threat. To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake’s presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism.

ESET researchers believe that FontOnLake’s operators are overly cautious since almost all samples seen by ESET use different, unique C&C servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries such as BoostPoco and Protobuf.

The first known file of this malware family appeared on VirusTotal last May and other samples were uploaded throughout the year. None of the C&C servers used in samples uploaded to VirusTotal were active at the time of writing, indicating that they could have been disabled due to the upload.

All known components of FontOnLake are detected by ESET products as Linux/FontOnLake. “Companies or individuals who want to protect their Linux endpoints or servers from this threat should use a multilayered security product and an updated version of their Linux distribution; some of the samples we have analyzed were created specifically for CentOS and Debian,” advises Hrčka.

Following ESET Research’s discovery while finalizing the FontOnLake white paper, vendors such as Tencent Security Response Center, Avast and Lacework Labs published their research on what appears to be the same malware. ESET will present its findings on FontOnLake at the AVAR 2021 Virtual conference held at the beginning of December.

For more technical details about FontOnLake, read the blogpost “FontOnLake: Previously unknown malware family targeting Linux” on WeLiveSecurity

Tags :ESETESET Research
add a comment

Leave a Response

You Might Also Like

CxoToday
CXOtoday is a premier resource on the world of IT, relevant to key business decision makers. We offer IT perspective & news to the C-suite audience. We also provide business and technology news to those who evaluate, invest, and manage the IT infrastructure of organizations. CXOtoday has a well-networked and strong community that encourages discussions on what’s happening in the world of IT and its impact on businesses.

Useful Links

Information

Connect

Facebook Twitter Linkedin

Copyright © 2024 Trivone. All Rights Reserved.

channeltimes
Techtree
SupportBiz
khelnama