ESET Research uncovers FontOnLake: Targeted malware attacking Linux in Southeast Asia


(MENAFN- Mid-East.Info) Dubai, UAE: ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting operating systems running Linux. Modules used by this malware family, which ESET dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. The location of the C & C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include Southeast Asia.

“The sneaky nature of FontOnLake's tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks,” explains Vladislav Hrčka, ESET Malware Researcher who analyzed this threat. To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake's presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism.

ESET researchers believe that FontOnLake's operators are overly cautious since almost all samples seen by ESET use different, unique C & C servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries such as Boost, Poco and Protobuf.

The first known file of this malware family appeared on VirusTotal last May and other samples were uploaded throughout the year. None of the C & C servers used in samples uploaded to VirusTotal were active at the time of writing, indicating that they could have been disabled due to the upload.

All known components of FontOnLake are detected by ESET products as Linux/FontOnLake.“Companies or individuals who want to protect their Linux endpoints or servers from this threat should use a multilayered security product and an updated version of their Linux distribution; some of the samples we have analyzed were created specifically for CentOS and Debian,” advises Hrčka.

Following ESET Research's discovery while finalizing the FontOnLake white paper, vendors such as Tencent Security Response Center, Avast and Lacework Labs published their research on what appears to be the same malware. ESET will present its findings on FontOnLake on the AVAR 2021 Virtual conference held at the beginning of December.

About ESET :

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET's high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET's R & D centers worldwide, working in support of our shared future. 

MENAFN08102021005446012082ID1102941961


Mid-East Info

Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.