FontOnLake malware infects Linux systems via trojanized utilities (Security News, October 2021)
A newly discovered malware family has been infecting Linux systems while hidden inside trojanized copies of legitimate binaries.
FontOnLake consists of multiple modules that interact with one another and let its operators communicate with the implant, steal sensitive data, and keep the malware hidden on the compromised system.
While ESET researchers found that FontOnLake is distributed via trojanized applications, they do not know how victims are lured into downloading the modified binaries.
"All the trojanized files are standard Linux utilities and serve as a persistence method because they are commonly executed on system start-up," said Vladislav Hrčka, malware analyst and reverse engineer at ESET.
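Because the implant lives inside utilities the system already runs at boot, the practical check a defender wants is whether those binaries still match a known-good baseline. The script below is an added example and is not code from the article or from ESET: it records SHA-256 hashes of every file under a directory, re-verifies them later, and separately lists files that were not present when the baseline was taken (which a plain `sha256sum -c` pass would never report). The directory layout, file contents and the "trojanizing" edit in `demo()` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the article or from ESET: a minimal
# baseline-and-verify integrity check for the kind of start-up utilities the
# report says FontOnLake replaced. Paths, file contents and the "trojanized"
# edit in demo() are constructed for illustration.

# Record the SHA-256 of every regular file under a directory, one "hash  path"
# line per file, sorted by path so two baselines can be diffed.
make_baseline() {
    dir=$1
    manifest=$2
    find "$dir" -type f -exec sha256sum {} + | LC_ALL=C sort -k2 > "$manifest"
}

# Re-hash every file listed in the manifest. Prints the entries that no longer
# match (modified or missing) and returns 1 if there are any, 0 otherwise.
verify_baseline() {
    manifest=$1
    failures=$(sha256sum -c "$manifest" 2>/dev/null | grep -v ': OK$' || true)
    if [ -n "$failures" ]; then
        printf '%s\n' "$failures"
        return 1
    fi
    return 0
}

# sha256sum -c only checks files that are in the manifest, so a binary dropped
# after the baseline was taken is invisible to it. List files that exist now
# but have no manifest entry.
unexpected_files() {
    dir=$1
    manifest=$2
    now=$(mktemp)
    known=$(mktemp)
    find "$dir" -type f | LC_ALL=C sort > "$now"
    # manifest lines are 64 hex chars, two spaces, then the path
    cut -c67- "$manifest" | LC_ALL=C sort > "$known"
    LC_ALL=C comm -23 "$now" "$known"
    rm -f "$now" "$known"
}

# Walk through the whole procedure on a scratch directory (constructed data).
demo() {
    scratch=$(mktemp -d)
    mkdir "$scratch/bin"
    printf 'echo real sshd\n' > "$scratch/bin/sshd"
    printf 'echo real sftp\n' > "$scratch/bin/sftp"

    make_baseline "$scratch/bin" "$scratch/baseline.sha256"
    verify_baseline "$scratch/baseline.sha256" && echo "baseline verified"

    # Simulate the trojanizing step: overwrite one utility, drop a new file.
    printf 'echo trojanized sshd\n' > "$scratch/bin/sshd"
    printf 'echo dropper\n' > "$scratch/bin/cat"

    echo "--- modified entries ---"
    verify_baseline "$scratch/baseline.sha256" || true
    echo "--- files not in baseline ---"
    unexpected_files "$scratch/bin" "$scratch/baseline.sha256"
    rm -rf "$scratch"
}

demo
```

On a package-managed host the distribution already ships the manifest, so `dpkg --verify` (or `debsums`) on Debian-family systems and `rpm -Va` on RPM-based ones are the quicker first pass; the script above is for directories those tools do not cover. Two caveats apply to any such check: the baseline must come from a known-good image and be stored off-host, and a compromise that reaches the kernel or the hashing tool itself can feed the check false reads, so a mismatch is evidence but a clean result is not proof.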
The researchers discovered three custom backdoors written in C++ associated with the FontOnLake malware family, which provide operators remote access to the infected system.
The researchers believe that the author of FontOnLake is "well versed in cybersecurity": the C2 servers used by the samples uploaded to VirusTotal were deactivated once the operators learned of the upload.
Related news
- GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
- New Bifrost malware for Linux mimics VMware domain for evasion
- New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
- Stealthy GTPDOOR Linux malware targets mobile operator networks
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware
- Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices
- DinodasRAT malware targets Linux servers in espionage campaign