A previously unknown malware family dubbed FontOnLake is targeting systems running Linux, ESET researchers found.
FontOnLake uses “custom and well-designed modules,” malware analyst Vladislav Hrčka wrote in a blog post on the finding. Modules used by the malware family “are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server,” he wrote.
The first known FontOnLake file appeared on VirusTotal in May 2020 and other samples were uploaded throughout the year. Both the location of its command-and-control server and the countries from which samples were uploaded to VirusTotal may indicate that the attackers’ targets include Southeast Asia.
“We believe that FontOnLake’s operators are particularly cautious since almost all samples seen use unique [C2] servers with varying non-standard ports,” Hrčka wrote.
The malware family’s known components include Trojanized applications, backdoors, and rootkits, which interact with each other. Researchers found multiple Trojanized applications, mostly used to load custom backdoor or rootkit