• Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor

    Home » Forums » AskWoody support » Linux for the Home user » Linux – all distros » Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor



    FontOnLake is a malware family utilizing well-designed custom modules that are constantly under
    development. It targets systems running Linux and provides remote access to those systems for its
    operators, collects credentials, and serves as a proxy server. Its presence is always accompanied by a
    rootkit, which conceals its existence.
    Their sneaky nature and advanced design suggest that these tools are used in targeted attacks; the
    location of the C&C server and the countries from which the samples were uploaded to VirusTotal might
    indicate that its operators target at least Southeast Asia.
    We believe that its operators are overly cautious since almost all samples seen use different, unique C&C
    servers with varying non-standard ports. The authors use mostly C/C++ and various third-party libraries
    such as Boost, Poco and Protobuf. None of the C&C servers used in samples uploaded to VirusTotal were
    active at the time of writing, indicating that they could have been disabled due to the upload. We
    conducted several internet-wide scans that imitated initial communication of its network protocols
    targeting the observed non-standard ports in order to identify C&C servers and victims. We managed
    to find only one active C&C server, which mostly just maintained connectivity via custom heartbeat
    commands and did not provide any updates on explicit requests…

    • This topic was modified 1 year, 3 months ago by Alex5723.
    Reply To: Linux : FontOnLake Malware / Rootkit / Trojan / Backdoor

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: