FontOnLake: Dreadful malware that targets Linux computers

A new malware family targeting Linux systems has just surfaced. It hides inside legitimate-looking Linux utilities and gives attackers a stealthy foothold with easy access to user data. What sets it apart from other malware is its discretion and its resilience.

According to researchers at the network security company Eset, the “FontOnLake” malware is appearing on Linux machines with increasing regularity. It was first detected on VirusTotal in May 2020, but the command-and-control servers connected to this malware were subsequently disabled.

Analysis of the detected samples nevertheless allowed researchers to determine that FontOnLake contained remote access functionality and data theft tools, and that it could set up proxy servers. Eset researchers also believe that the malware operators are extremely cautious about avoiding detection, since almost all of the samples obtained use different server addresses.

Modified Linux utilities

Eset says the malware is delivered through trojanized Linux utilities. “All modified files are standard Linux utilities and serve as a persistence method, as they are commonly executed at system startup,” says Vladislav Hrčka, malware and reverse engineering analyst at Eset. The researchers add that the attackers modified the source code of legitimate utilities to incorporate malicious code. However, specialists are still trying to determine the distribution methods used to convince users to install these contaminated versions.

This malware installs backdoors on infected machines and allows attackers to collect a large amount of data. Researchers have also found rootkits within the malware, which let it operate very discreetly while being difficult to dislodge. These rootkits can also update themselves. According to Avast, the rootkit is based on the open source Suterusu project.

Unfortunately, this is not the first malware of this type to hit Linux devices: last August Avast alerted users to the “HCRootkit” malware, which used the same Suterusu rootkit. As always in such circumstances, it is worth remembering that the majority of compromises are caused by user negligence. So never install software or utilities from sources whose authenticity you cannot verify.
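Because FontOnLake persists by replacing standard utilities that run at startup, the practical check a defender wants is a hash baseline of installed binaries that can be re-verified later. The script below is an added example written for this page; it is not part of the article or of Eset's research. It assumes `sha256sum` from GNU coreutils and, instead of touching /usr/bin, builds a constructed scratch directory of sample "utilities", records their hashes, tampers with one of them and reports the mismatch.

```shell
#!/bin/sh
# Hash-baseline check for system utilities (added example, not from the article).
# Assumes sha256sum from coreutils; sample files below are constructed for the demo.

# build_baseline LIST MANIFEST
# Record the sha256 of every path listed in LIST (one per line) into MANIFEST.
build_baseline() {
    manifest="$2"
    : > "$manifest"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        sha256sum "$path" >> "$manifest"
    done < "$1"
}

# verify_baseline MANIFEST
# Recompute each hash in MANIFEST and print "MODIFIED: <path>" for every
# file whose current hash differs (or which is missing). Prints nothing when clean.
verify_baseline() {
    while read -r expected path; do
        [ -n "$path" ] || continue
        actual=$(sha256sum "$path" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED: $path"
        fi
    done < "$1"
    return 0
}

# demo_tampered_utility
# Constructed scenario: a scratch "bin" directory stands in for /usr/bin.
# Two wrapper scripts are baselined, then one is altered the way a
# trojanized utility would be (extra code appended); the verifier flags it.
demo_tampered_utility() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf '#!/bin/sh\nexec /bin/ls "$@"\n' > "$work/bin/ls"
    printf '#!/bin/sh\nexec /bin/cat "$@"\n' > "$work/bin/cat"
    printf '%s\n' "$work/bin/ls" "$work/bin/cat" > "$work/list.txt"

    build_baseline "$work/list.txt" "$work/baseline.sha256"

    # Simulate tampering after the baseline was taken (constructed, harmless line).
    printf '# extra code appended after baseline\n' >> "$work/bin/ls"

    verify_baseline "$work/baseline.sha256"
    rm -rf "$work"
}

demo_tampered_utility
```

On a real host the list would be the utilities the article describes (whatever runs at startup), the manifest would be kept off the machine or on read-only media so a rootkit cannot rewrite it, and the distribution's own integrity tools (`debsums` on Debian-based systems, `rpm -Va` on RPM-based ones) give the same kind of check against the hashes recorded by the package manager. A hash mismatch on a startup utility is a strong signal worth investigating, not proof on its own, since legitimate package updates also change hashes.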
