Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that’s engineered to enable remote access to its operators, in addition to amassing credentials and functioning as a proxy server.
The malware family, dubbed “FontOnLake” by Slovak cybersecurity firm ESET, is said to feature “well-designed modules” that are continuously being upgraded with new features, indicating an active development phase. Samples uploaded to VirusTotal point to the possibility that the very first intrusions utilizing this threat may have been occurring as early as May 2020.
Avast and Lacework Labs are tracking the same malware under the moniker HCRootkit.
“The sneaky nature of FontOnLake’s tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks,” ESET researcher Vladislav Hrčka said. “To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake’s presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism.”
FontOnLake’s toolset includes three components that consist of trojanized versions of legitimate Linux utilities that are used to load kernel-mode rootkits and user-mode backdoors, all of which communicate with one another using virtual files. The C++-based implants themselves are designed to monitor systems, secretly execute commands on networks, and exfiltrate account credentials.
A second variant of the backdoor also comes with capabilities to act as a proxy server, manipulate files, and download arbitrary files, while a third variant, besides incorporating features from the other two backdoors, is equipped to execute Python scripts and shell commands.
ESET said it found two different versions of the Linux rootkit, which is based on an open-source project called Suterusu. The two versions share overlapping functionality, including hiding processes, files, network connections, and the rootkit itself, while also being able to carry out file operations and to extract and execute the user-mode backdoor.
It’s currently not known how the attackers gain initial access to the network, but the cybersecurity company noted that the threat actor behind the attacks is “overly cautious” to avoid leaving any traces, relying on different, unique command-and-control (C2) servers with varying non-standard ports. The C2 servers observed in the VirusTotal artifacts are no longer active.
“Their size and advanced design suggest that the authors are well versed in cybersecurity and that these tools might be reused in future campaigns,” Hrčka said. “As most of the features are designed just to hide its presence, relay communication, and provide backdoor access, we believe that these tools are used mostly to maintain an infrastructure which serves some other, unknown, malicious purposes.”
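Two cheap host-side cross-checks follow from the behaviours the article describes: trojanized copies of everyday Linux binaries (detectable by hashing them against a trusted baseline) and a rootkit that hides processes from directory listings (detectable by comparing the entries of /proc with a direct per-PID probe). The script below is an added example written for this page; it is not ESET’s tooling and not part of the original article. The baseline hashes, file contents and PID sets it ships with are constructed sample data, and the binary paths are only illustrative. A real baseline would come from a clean install or package metadata, and only hashing the files actually present on the host counts as a real check.

```python
"""Added example: baseline-hash check for system binaries and a cross-view
hidden-PID check for Linux hosts. Sample inputs are constructed, not observed."""
import hashlib
import os
from typing import Dict, Iterable, Set


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_mismatches(baseline: Dict[str, str], contents: Dict[str, bytes]) -> Dict[str, str]:
    """Return {path: 'modified' | 'missing'} for every baseline entry that does not
    match. `baseline` maps path -> expected sha256 (from a clean system or package
    metadata); `contents` maps path -> the bytes currently on disk."""
    findings: Dict[str, str] = {}
    for path, expected in baseline.items():
        data = contents.get(path)
        if data is None:
            findings[path] = "missing"
        elif sha256_hex(data) != expected:
            findings[path] = "modified"
    return findings


def read_files(paths: Iterable[str]) -> Dict[str, bytes]:
    """Read the listed files from disk; unreadable or absent paths are left out,
    so hash_mismatches() reports them as 'missing'."""
    out: Dict[str, bytes] = {}
    for p in paths:
        try:
            with open(p, "rb") as fh:
                out[p] = fh.read()
        except OSError:
            pass
    return out


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs that answer a direct probe but are absent from the /proc listing.
    A rootkit that filters directory listings hides entries from readdir, while a
    direct kill(pid, 0) takes a different kernel path and may still succeed."""
    return set(probed) - set(listed)


def list_proc_pids() -> Set[int]:
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probe_pids(max_pid: int) -> Set[int]:
    """Signal 0 delivers nothing; it only asks the kernel whether the PID exists.
    EPERM still means the process exists (it belongs to another user)."""
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except PermissionError:
            found.add(pid)
        except ProcessLookupError:
            continue
    return found


def live_hidden_pids() -> Set[int]:
    """Listing twice around the probe removes processes that merely started or
    exited during the scan, which would otherwise show up as false positives."""
    before = list_proc_pids()
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read().strip())
    probed = probe_pids(max_pid)
    after = list_proc_pids()
    return hidden_pids(before | after, probed)


# Constructed sample data (hypothetical paths and contents, not real hashes).
SAMPLE_BASELINE = {
    "/usr/sbin/sshd": sha256_hex(b"clean sshd bytes (constructed)"),
    "/usr/bin/kbd": sha256_hex(b"clean kbd bytes (constructed)"),
    "/usr/bin/cat": sha256_hex(b"clean cat bytes (constructed)"),
}
SAMPLE_CONTENTS = {
    "/usr/sbin/sshd": b"clean sshd bytes (constructed) + injected loader stub",
    "/usr/bin/cat": b"clean cat bytes (constructed)",
}  # /usr/bin/kbd deliberately absent
SAMPLE_LISTED = [1, 2, 500]          # what a filtered readdir would show
SAMPLE_PROBED = [1, 2, 500, 4242]    # what kill(pid, 0) would find

if __name__ == "__main__":
    print("sample baseline findings:", hash_mismatches(SAMPLE_BASELINE, SAMPLE_CONTENTS))
    print("sample hidden pids:", hidden_pids(SAMPLE_LISTED, SAMPLE_PROBED))
    if os.path.isdir("/proc"):
        print("live hidden pids on this host:", live_hidden_pids())
```

The two checks are deliberately independent of each other and of any vendor database: the hash comparison catches a swapped binary only if the baseline was recorded before compromise, and the PID cross-view catches only rootkits that filter the listing without also hooking the signal path, so neither is conclusive on its own; a non-empty result from either is a reason to image the host and compare against known-good media rather than to trust further output from that machine.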
Source of this news: https://thehackernews.com/2021/10/researchers-warn-of-fontonlake-rootkit.html