Security News > 2021 > October > Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
2021-10-10 19:58

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server.

The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "Well-designed modules" that are continuously being upgraded with new features, indicating an active development phase.

"To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake's presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism."

FontOnLake's toolset includes three components that consist of trojanized versions of legitimate Linux utilities that are used to load kernel-mode rootkits and user-mode backdoors, all of which communicate with one another using virtual files.

A second permutation of the backdoor also comes with capabilities to act as a proxy, manipulate files, download arbitrary files, while a third variant, besides incorporating features from the other two backdoors, is equipped to execute Python scripts and shell commands.

ESET said it found two different versions of the Linux rootkit that's based on an open-source project called Suterusu and share overlaps in functionality, including hiding processes, files, network connections, and itself, while also being able to carry out file operations, and extract and execute the user-mode backdoor.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jmdg4qKSkpQ/researchers-warn-of-fontonlake-rootkit.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 18 397 1368 1114 696 3575