A new family of malware has appeared that targets systems running Linux. It hides inside legitimate-looking Linux utilities and gives attackers a backdoor through which they can reach user data. It stands out from other malicious programs for its stealth and its persistence.
According to researchers at the network security company Eset, the “FontOnLake” malware is appearing more and more regularly on Linux machines. The first sample was uploaded to VirusTotal in May 2020, but by the time it was analysed the command-and-control servers it pointed to were already down.
Analysis of the recovered samples nonetheless showed that FontOnLake includes remote-access functions and data-stealing tools, and that it can set up proxy servers. The Eset researchers also note that its operators are careful not to be caught: almost every sample obtained uses a different command-and-control server address.
Modified Linux Utilities
Eset says the malware is delivered through trojanized versions of Linux utilities. “All modified files are standard Linux utilities and serve as a persistence method, as they typically run at system startup,” says Vladislav Hrčka, reverse engineer and malware analyst at Eset. The researchers add that the attackers modified the source code of legitimate utilities to embed the malicious code. How the tainted versions are distributed, and how users are persuaded to install them, has not yet been established.
The malware installs backdoors on infected machines that let the attackers collect large amounts of data. The researchers also found rootkits alongside the malware, which let it operate very discreetly and make it hard to remove; the rootkits themselves can also be updated. According to Avast, the rootkit is based on the open-source Suterusu project.
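The two paragraphs above describe two on-disk symptoms: a standard utility whose content no longer matches what the distribution shipped, and new files (backdoor or rootkit components) that no package accounts for. The script below is an added example, not code from Eset or from the malware, showing the file-integrity check a responder would run for both. It builds a SHA-256 baseline of a directory, then reports files that were modified, removed, or added. The sample utility names and the tampering in `demo()` are constructed for the demonstration and are not claims about which files FontOnLake replaces; in practice the baseline would come from a golden image or the package manager's own manifests, never from the suspect host.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Return the hex SHA-256 of a file, streamed so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot {relative path: sha256} for every regular file under root.

    For a real check the baseline must come from a trusted source (a known-good
    image, or the distribution's package manifests); hashing the suspect host
    and trusting the result defeats the purpose.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and specials are not what gets trojanized here
            baseline[os.path.relpath(full, root)] = sha256_of(full)
    return baseline


def verify(root, baseline):
    """Compare the tree under root against the baseline.

    Returns a dict of three sorted lists:
      modified   - in the baseline, but the content on disk changed
      missing    - in the baseline, but no longer on disk
      unexpected - on disk, but absent from the baseline (a dropped payload)
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed fixture: a fake bin directory, a baseline, then tampering.

    The file names are placeholders for 'standard utilities', not a statement
    about which binaries the real malware modifies.
    """
    with tempfile.TemporaryDirectory() as root:
        for name in ("cat", "kill", "sftp"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"#!/bin/sh\necho real %s\n" % name.encode())
        baseline = build_baseline(root)

        # Simulate a rebuilt utility with extra code appended (modified),
        # a file that was deleted (missing) and a dropped component (unexpected).
        with open(os.path.join(root, "cat"), "ab") as f:
            f.write(b"# constructed stand-in for injected code\n")
        os.remove(os.path.join(root, "kill"))
        with open(os.path.join(root, "dropped_helper"), "wb") as f:
            f.write(b"constructed stand-in for a dropped payload\n")

        return verify(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The caveat the rootkit paragraph implies: this runs in user space, so a loaded kernel rootkit can hide files or return clean contents for modified ones. For a host suspected of carrying FontOnLake, run the comparison from a trusted boot medium against the offline disk, or at least compare against the package manager's manifests rather than a baseline taken on the live system.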
Unfortunately, this is not the first malware of its kind to hit Linux systems. Last August, Avast warned users about the “HCRootkit” malware, which used the same Suterusu rootkit. As always in these circumstances, it is worth remembering that most compromises stem from user negligence, so never install software or utilities from sources whose authenticity you cannot verify.