Beware: FontOnLake Rootkit Malware Attacking Linux Systems

According to ESET’s researchers, components of FontOnLake malware are divided into three groups: Trojanized app, Rootkit, and Backdoor.

Researchers at Slovak cybersecurity company ESET have identified a new malware family utilizing custom and well-designed modules. In ESET’s white paper [PDF], researchers revealed that the malware, dubbed FontOnLake Rootkit, targets Linux systems and that its modules are under active development.

The malware samples uploaded to VirusTotal indicate that the first intrusion through this previously unidentified threat happened in May 2020. Tencent, Lacework Labs, and Avast are also tracking this malware using the moniker HCRootkit.

We have found a new #Linux #malware leveraging an open source kernel-mode rootkit #Suterusu and we dubbed it #HCRootkit. 1/7

— Avast Threat Labs (@AvastThreatLabs) August 25, 2021

About FontOnLake

Researchers noted in their report that FontOnLake has a “sneaky nature,” “advanced design,” and “low prevalence.” Therefore, it is easier to use this malware in targeted attacks.

According to ESET researcher Vladislav Hrčka, it gives attackers remote access, can serve as a proxy server, and can steal credentials. This malware family uses “modified legitimate binaries” to collect data, and these binaries have been adjusted to load more components.

Moreover, to stay undetected, the malware
