Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems – The Hacker Story

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with previously unknown Linux malware engineered to give its operators remote access, collect credentials, and function as a proxy server.

The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "well-designed modules" that are continuously being upgraded with new features, indicating an active development phase. Samples uploaded to VirusTotal point to the possibility that the first intrusions using this threat have been happening as early as May 2020.

Avast and Lacework Labs are tracking the same malware under the moniker HCRootkit.

"The sneaky nature of FontOnLake's tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks," ESET researcher Vladislav Hrčka said. "To collect data or conduct other malicious activity, this malware family uses modified legitimate binaries that are adjusted to load further components. In fact, to conceal its existence, FontOnLake's presence is always accompanied by a rootkit. These binaries are commonly used on Linux systems and can additionally serve as a persistence mechanism."

FontOnLake's toolset consists of three components: trojanized versions of legitimate Linux utilities that are used to load kernel-mode rootkits and user-mode backdoors, all of which communicate with one another using virtual files. The C++-based implants themselves are designed to monitor systems, covertly execute commands on networks, and exfiltrate account credentials.

A second variant of the backdoor also has the ability to act as a proxy server, manipulate files, and download arbitrary files, while a third variant, besides incorporating the features of the other two backdoors, is equipped to execute Python scripts and shell commands.

ESET said it found two different versions of the Linux rootkit, which is based on an open-source project called Suterusu. The two versions overlap in functionality, including hiding processes, files, network connections, and the rootkit itself, while also being able to carry out file operations and to extract and execute the user-mode backdoor.
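One defender-side check that follows from the hiding behaviour described above, added here as an illustration and not part of ESET's research or the original article: a cross-view comparison that lists `/proc` the way `ps` would and then asks the kernel directly, via `kill(pid, 0)`, which PIDs exist. A PID the kernel confirms but the directory listing omits is a candidate hidden process. Thread IDs also answer `kill(pid, 0)` without ever appearing in `/proc`, so candidates are filtered by their `Tgid`. The helper names are my own; the `/proc` paths are standard Linux.

```python
import os
from typing import Callable, Optional, Set

def listed_pids(proc_dir: str = "/proc") -> Set[int]:
    """PIDs as ps or ls /proc would see them: a readdir() of /proc."""
    try:
        return {int(n) for n in os.listdir(proc_dir) if n.isdigit()}
    except OSError:
        return set()

def probed_pids(pid_max: Optional[int] = None) -> Set[int]:
    """PIDs the kernel confirms via kill(pid, 0), which sends no signal.
    ESRCH means no such process; success or EPERM means it exists."""
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read())
        except OSError:
            pid_max = 32768  # kernel default; assumption when /proc is absent
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but belongs to another user
        found.add(pid)
    return found

def tgid_of(pid: int, proc_dir: str = "/proc") -> Optional[int]:
    """Thread-group id from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"{proc_dir}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        return None
    return None

def hidden_pids(listed: Set[int], probed: Set[int],
                tgid_lookup: Callable[[int], Optional[int]]) -> Set[int]:
    """PIDs the kernel confirms but readdir(/proc) omits, minus plain threads.
    A thread's Tgid differs from its own id; an unreadable status is kept as
    suspicious because a hidden process may block that read too."""
    return {pid for pid in probed - listed
            if tgid_lookup(pid) in (None, pid)}

if __name__ == "__main__":
    before = listed_pids()          # list twice around the probe so PIDs
    probed = probed_pids()          # created during the scan are not
    after = listed_pids()           # reported as hidden
    hidden = hidden_pids(before | after, probed, tgid_of)
    print("candidate hidden pids:", sorted(hidden) or "none")
```

A kernel rootkit that also hooks the kill syscall will pass this check; it is one cross-view comparison to run alongside package verification of the binaries (`rpm -V`, `dpkg --verify`) that the report says were trojanized.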

It's currently not known how the attackers gain initial access to the network, but the cybersecurity company noted that the threat actor behind the attacks is "overly cautious" to avoid leaving any tracks, relying on different, unique command-and-control (C2) servers with varying non-standard ports. All of the C2 servers observed in the VirusTotal artifacts are no longer active.

"Their scale and advanced design suggest that the authors are well versed in cybersecurity and that these tools might be reused in future campaigns," Hrčka said. "As most of the features are designed just to hide its presence, relay communication, and provide backdoor access, we believe that these tools are used mostly to maintain an infrastructure which serves some other, unknown, malicious purposes."

Source of this news: https://thehackernews.com/2021/10/researchers-warn-of-fontonlake-rootkit.html
