Linux malware FontOnLake is used in targeted attacks

黑尔加·史密斯十月 12, 2021最後更新: 十月 12, 2021

132 1 分鐘閱讀

ESET specialists talked about the FontOnLake malware, which combines backdoor and rootkit components. The malware is known to be used in targeted attacks against organizations in Southeast Asia.

Experts write that the first file related to this malware family appeared on 病毒總數 back in May last year, and other samples were uploaded during the year. Based on where these files were downloaded from, the researchers concluded that 字體OnLake was primarily used in Southeast Asia. At the time of this writing, all the malware’s control servers had already been disabled. But the researchers note that, as a rule, during targeted attacks, hackers act in this way: the work of the infrastructure stops as soon as their goals are achieved.

It is known that FontOnLake is distributed through trojanized applications, but researchers do not know how the attackers forced their victims to download modified binaries. Among the utilities that the attacker modified to deliver FontOnLake were cat, kill, sftp, and shd.

According to the researchers, the trojanized utilities were probably modified at the source code level, 噉係, the attackers compiled them and replaced the original.

All trojanized files are standard Linux utilities and are needed to maintain their presence in the system, because they are usually launched at system startup.the experts write.

也, the modified binaries provided loading of additional payloads, collecting information and performing other malicious actions. The fact is that FontOnLake has several modules that interact with each other and allow hackers to steal confidential data, effectively hiding their presence in the system.

字體OnLake

The experts also discovered three custom backdoors written in C ++ and related to FontOnLake. They provide malware operators with remote access to the infected system. A common feature for all backdoors is to pass the collected sshd credentials and bash command history to the command and control server.

The presence of FontOnLake in a compromised system is also masked by a rootkit, which is also responsible for updating and delivering backup backdoors. All rootkit samples studied by ESET電子電氣設備 targeted kernel versions 2.6.32-696.el6.x86_64 and 3.10.0-229.el7.X86_64.

ESET notes that FontOnLake is most likely the same malware previously analyzed by Tencent Security Response Center experts. It also seems that this malware has already been detected by Avast 和 Lacework specialists, in whose reports it appeared as the HCRootkit 和 Sutersu rootkit.

Let me remind you that we also wrote that Hackers create Cobalt Strike Beacon for Linux.

標籤

黑尔加·史密斯十月 12, 2021最後更新: 十月 12, 2021

132 1 分鐘閱讀

Linux malware FontOnLake is used in targeted attacks

ESET specialists talked about the FontOnLake malware, which combines backdoor and rootkit components. The malware is known to be used in targeted attacks against organizations in Southeast Asia.

黑尔加·史密斯

留言取消回覆

Remove BGZQ Ransomware Virus (+DECRYPT .bgzq Files)

Remove BGJS Ransomware Virus (+DECRYPT .bgjs Files)

移除KAAA勒索軟件病毒 (+解密.kaaa文件)

移除UAJS勒索軟件病毒 (+解密.uajs文件)

移除USZQ勒索軟件病毒 (+解密.uazq文件)

移除VOOK勒索軟件病毒 (+DECRYPT .vook文件)

移除LOOY勒索軟件病毒 (+DECRYPT.looy文件)

移除KOOL勒索軟件病毒 (+DECRYPT .kool文件)

移除NOOD勒索軟件病毒 (+DECRYPT.nood文件)

移除WIAW勒索軟件病毒 (+解密.wiaw文件)

移除WISZ勒索軟件病毒 (+DECRYPT.wisz文件)

移除LKFR Ransomware病毒 (+DECRYPT.lkfr 文件)

移除LKHY Ransomware病毒 (+DECRYPT.lkhy文件)

移除LDHY勒索軟件病毒 (+DECRYPT .ldhy文件)

移除KVIP Ransomware病毒 (+DECRYPT .kvip文件)

ESET specialists talked about the FontOnLake malware, which combines backdoor and rootkit components. The malware is known to be used in targeted attacks against organizations in Southeast Asia.

黑尔加·史密斯

Dangerous FluBot malware offers users a security update to fight against itself

Apps learned to automatically install on devices through ads

留言取消回覆

相關文章

新版本嘅Magniber勒索軟件威脅Windows 11 用戶

善意勒索迫使受害者做善事

俄羅斯Fronton殭屍網絡可以做嘅不僅僅昰大規模嘅DDoS攻擊

Microsoft警告XorDdos惡意軟件活動增加