A new malware family is targeting Linux systems, concealing itself in legitimate binaries to deliver backdoors and rootkits. The malware, named FontOnLake, appears to be well designed and first appeared in May 2020.
Researchers say the malware uses several carefully crafted modules that not only collect credentials but also give the threat actors remote access. It disguises itself inside trojanized versions of standard Linux utilities, including cat, kill and sshd.
The samples analyzed by the researchers were created specifically for CentOS and Debian. The exact mechanism the threat actors use to replace the original utilities with the malicious ones remains a mystery. Analyzing the malware, the researchers noted that the samples contained three custom backdoors written in C++, which give the malware's operators remote access to infected Linux systems.
The location of the command and control server and the countries from which the samples were uploaded indicate that the attackers were after targets based in Southeast Asia. ESET believes the operators are overly cautious about being caught and having their activities exposed, as almost all of the samples obtained use different C2 server addresses and a variety of ports.
FontOnLake is modular malware that harnesses custom binaries to infect a machine and execute malicious code. ESET, which is investigating FontOnLake, says its known components are trojanized apps used to load backdoors and rootkits and to collect information.
Three backdoors are connected to FontOnLake. It is always joined by a kernel-mode rootkit to maintain persistence on infected Linux machines.
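One way a defender could check for the trojanized cat, kill and sshd described above on CentOS or Debian, as an added example that is not from ESET or the original article: it filters the output of `rpm -Va` or `dpkg --verify` for those three binaries. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag package-owned copies of cat, kill and sshd whose
# on-disk digest no longer matches the package database.

# Utilities the article names as trojanized.
WATCHED='cat kill sshd'

# Reads `rpm -V` / `dpkg --verify` style lines on stdin. Prints watched
# binaries that are missing or whose digest check failed ('5' is the
# third character of the flag column in both tools' output).
flag_modified() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        {
            path = $NF                          # path is the last field
            m = split(path, parts, "/")
            if (!(parts[m] in want)) next       # exact basename match only
            if ($1 == "missing")                print "MISSING  " path
            else if (substr($1, 3, 1) == "5")   print "MODIFIED " path
        }'
}

# Runs the verifier for this host: dpkg on Debian, rpm on CentOS.
verify_host() {
    if [ -e /etc/debian_version ] && command -v dpkg >/dev/null 2>&1; then
        dpkg --verify 2>/dev/null | flag_modified
    elif command -v rpm >/dev/null 2>&1; then
        rpm -Va 2>/dev/null | flag_modified
    else
        echo "no dpkg or rpm found" >&2; return 2
    fi
}

# Constructed sample of verifier output (not taken from a real infection).
constructed_sample() {
    cat <<'EOF'
??5??????   /bin/cat
??5?????? c /etc/ssh/sshd_config
S.5....T.   /usr/sbin/sshd
.......T.   /usr/bin/kill
missing     /bin/kill
EOF
}

# Demonstration on the constructed sample; call verify_host on a real system.
constructed_sample | flag_modified
```

Because a kernel-mode rootkit always accompanies the backdoors, a clean result from the running host is not conclusive. Running the same check from trusted rescue media against the mounted disk gives a more reliable answer.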
Users can protect their devices by using the best antivirus software and the best malware removal software. Many protection tools are available to safeguard devices.