FontOnLake – Previously Unknown Malware Attacks Linux Systems

ESET has recently discovered a new modular Linux malware family named FontOnLake. The malware has many functions, among them “well-designed modules.”

The threat actors used the malicious code to extract data from infected systems, and it also acts as a proxy server.

It is very well designed and is continually being updated with a wide range of capabilities, which generally indicates an active development stage.

Lurking under legit utilities

FontOnLake is most likely used in targeted attacks by operators who are careful to use unique command and control (C2) servers for the samples, along with various non-standard ports.

FontOnLake is quite dangerous: the malware has different modules that communicate with one another and allow communication with the malware operators, after which it steals sensitive data and keeps itself hidden on the system.

Parts of FontOnLake

In this malware, the threat actors have used several trojanized applications to load custom backdoor and rootkit modules. All of these applications also serve as a persistence method, since they are mostly run at start-up.

In addition, all the trojanized files are standard Linux utilities.

The operators of this malware are well trained and know the specific method of implementing the attack. The majority of the malware's features are specifically designed to conceal its presence, relay information, and provide backdoor access.


There are two different versions of the rootkit, and only one is used at a time. Both versions share some similar functions, which are listed below.

This malware includes three different backdoors written in C++, and all of them exfiltrate the data that has been collected. These backdoors are not used together on one compromised system.

Trojanized apps and Rootkits

Process hiding.
File hiding.
Hiding itself.
Hiding network connections.
Exposing the collected credentials to its backdoor.
Performing port forwarding.
Magic packet reception.

FontOnLake's components are divided into the following three groups, which communicate with each other:

Trojanized applications.


Apart from this, all the backdoors use custom heartbeat commands that are probably sent and received regularly so that the connection stays alive.
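
One way a defender could hunt for the regular heartbeat traffic described above, combined with the non-standard ports mentioned earlier. This is an added example, not code from ESET or the original article; the flow-log format, the list of standard ports, the thresholds, and all sample addresses and ports are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: ports this network treats as "standard"; tune per environment.
STANDARD_PORTS = {22, 25, 53, 80, 123, 443}
# Constructed sample flow log, one line per connection: "epoch src dst dport".
SAMPLE_FLOWS = """\
1000 10.0.0.5 203.0.113.10 26657
1030 10.0.0.5 203.0.113.10 26657
1061 10.0.0.5 203.0.113.10 26657
1090 10.0.0.5 203.0.113.10 26657
1120 10.0.0.5 203.0.113.10 26657
1000 10.0.0.7 198.51.100.20 8443
1004 10.0.0.7 198.51.100.20 8443
1200 10.0.0.7 198.51.100.20 8443
1210 10.0.0.7 198.51.100.20 8443
1900 10.0.0.7 198.51.100.20 8443
1000 10.0.0.5 192.0.2.1 443
1060 10.0.0.5 192.0.2.1 443
1120 10.0.0.5 192.0.2.1 443
1180 10.0.0.5 192.0.2.1 443
1240 10.0.0.5 192.0.2.1 443
"""

def parse_flows(text):
    """Yield (epoch, src, dst, dport) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        p = line.split()
        if len(p) == 4 and p[0].isdigit() and p[3].isdigit():
            yield int(p[0]), p[1], p[2], int(p[3])

def find_heartbeats(text, min_events=5, max_cv=0.1):
    """Return [((src, dst, dport), mean_gap, cv)] for near-periodic flows."""
    series = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if port not in STANDARD_PORTS:
            series[(src, dst, port)].append(ts)
    hits = []
    for key, stamps in series.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near zero means a fixed beacon interval.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((key, round(avg, 1), round(cv, 3)))
    return sorted(hits)
```

On the constructed sample, `find_heartbeats(SAMPLE_FLOWS)` reports only the roughly 30-second flow to port 26657. A heartbeat with heavy jitter, or one sent to a port in the standard list, falls outside these thresholds and needs a separate check.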