
Cybercrime, FontOnLake is a new malware targeting Linux

ESET: FontOnLake is a new malware targeting Linux. To collect data or conduct other malicious activity, it uses modified legitimate binaries that are adjusted to load further components

FontOnLake is a new malware family targeting Linux, discovered by ESET cybersecurity experts. To collect data (for instance SSH credentials) or conduct other malicious activity, it uses modified legitimate binaries that are adjusted to load further components. To conceal its existence, FontOnLake’s presence is always accompanied by a rootkit. The modified binaries, such as cat, kill or sshd, can additionally serve as a persistence mechanism. The sneaky nature of the malware tools, in combination with their advanced design and low prevalence, suggests that they are used in targeted attacks. The location of the C&C server and the countries from which the samples were uploaded to VirusTotal might indicate that its targets include Southeast Asia. The cybercrime operators behind FontOnLake are particularly cautious, since almost all samples seen use unique C&C servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries such as Boost, Poco, or Protobuf.
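Because the modified binaries come with a rootkit, an integrity check is more trustworthy when run from a clean host against an offline-mounted image of the suspect system. The following is an added example, not code from ESET or the original article: it compares the binaries named above with a known-good SHA-256 baseline. The file paths, the baseline format and the `audit` and `demo` helpers are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Binaries the article names as modified; these install paths are assumptions.
WATCHED = ("usr/bin/cat", "usr/bin/kill", "usr/sbin/sshd")

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(root, baseline):
    """Compare watched binaries under `root` (an offline-mounted image) with
    baseline hashes taken from a trusted source, e.g. the distro package.
    Returns {relative_path: "ok" | "modified" | "missing" | "no-baseline"}."""
    results = {}
    for rel in WATCHED:
        full = os.path.join(root, rel)
        if rel not in baseline:
            results[rel] = "no-baseline"
        elif not os.path.isfile(full):
            results[rel] = "missing"
        elif sha256_file(full) == baseline[rel]:
            results[rel] = "ok"
        else:
            results[rel] = "modified"
    return results

def demo():
    """Constructed sample: build a fake image, record a baseline, then tamper."""
    with tempfile.TemporaryDirectory() as root:
        for rel in WATCHED:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(b"constructed stand-in for " + rel.encode())
        baseline = {rel: sha256_file(os.path.join(root, rel)) for rel in WATCHED}
        with open(os.path.join(root, "usr/sbin/sshd"), "ab") as f:
            f.write(b" + appended bytes")  # simulates a modified binary
        os.remove(os.path.join(root, "usr/bin/kill"))
        return audit(root, baseline)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:12} {path}")
```

A "modified" result only means the file differs from the baseline; a legitimate package update produces the same status, so the baseline must match the installed package version.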
