Researchers report that the location of its C2 server and the countries where samples were uploaded may indicate targets include Southeast Asia.
A previously unknown malware family dubbed FontOnLake is targeting systems running Linux, ESET researchers found.
FontOnLake uses "custom and well-designed modules," malware analyst Vladislav Hrčka wrote in a blog post on the finding. Modules used by the malware family "are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server," he wrote.
The first known FontOnLake file appeared on VirusTotal in May 2020 and other samples were uploaded throughout the year. Both the location of its command-and-control server and the countries from which samples were uploaded to VirusTotal may indicate that the attackers' targets include Southeast Asia.
"We believe that FontOnLake's operators are particularly cautious since almost all samples seen use unique [C2] servers with varying non-standard ports," Hrčka wrote.
The malware family's known components include Trojanized applications, backdoors, and rootkits, which interact with each other. Researchers found multiple Trojanized applications, mostly used to load custom backdoor or rootkit modules. The three backdoors discovered are written in C++; the functionality they have in common is that each exfiltrates collected credentials and its bash command history to the C2 server. Researchers found two "marginally different" versions of the rootkit; each of the three backdoors uses only one of them at a time.
Read ESET's full blog post for more details.