News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor

    Home » Forums » AskWoody support » Non-Windows operating systems » Linux – all distros » Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor

    • This topic has 0 replies, 1 voice, and was last updated 2 weeks ago.
    Author
    Topic
    #2395847

    https://www.welivesecurity.com/wp-content/uploads/2021/10/eset_fontonlake.pdf

    EXECUTIVE SUMMARY
    FontOnLake is a malware family utilizing well-designed custom modules that are constantly under
    development. It targets systems running Linux and provides remote access to those systems for its
    operators, collects credentials, and serves as a proxy server. Its presence is always accompanied by a
    rootkit, which conceals its existence.
    Their sneaky nature and advanced design suggest that these tools are used in targeted attacks; the
    location of the C&C server and the countries from which the samples were uploaded to VirusTotal might
    indicate that its operators target at least Southeast Asia.
    We believe that its operators are overly cautious since almost all samples seen use different, unique C&C
    servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries
    such as Boost, Poco and Protobuf. None of the C&C servers used in samples uploaded to VirusTotal were
    active at the time of writing, indicating that they could have been disabled due to the upload. We
    conducted several internet-wide scans that imitated initial communication of its network protocols
    targeting the observed non-standard ports in order to identify C&C servers and victims. We managed
    to find only one active C&C server, which mostly just maintained connectivity via custom heartbeat
    commands and did not provide any updates on explicit requests…

    • This topic was modified 2 weeks ago by Alex5723.
    Reply To: Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.