New Strain of Malware Targets Linux Systems

After months of infotech news focusing primarily on Windows-based ransomware and other threats, October brings a new strain of malware that targets Linux-based systems for a change.

The malware in question is believed to be a previously unknown strain and has been given the somewhat exotic name FontOnLake. According to security researchers, it is still being actively developed and already has very decent capabilities, including remote access, exfiltration of credentials, and the ability to act as a proxy server.

Samples of FontOnLake were first uploaded to VirusTotal for analysis way back in mid-2020, ZDNet reports, but those samples were trying to contact command and control servers that have since been taken down. Researchers believe the servers likely went offline because the initial sample of the malware was intercepted and put up for analysis.

Three different backdoor tools have been identified as having connections to FontOnLake. All three contact the same command and control servers that the new malware uses to upload information stolen from its victims.

Again, according to the security researchers, who are still picking apart the malware, the hackers operating FontOnLake are more cautious than most about covering their tracks and tread very lightly. Every sample that researchers obtained and analyzed attempted to contact a different command and control server, through a different port every time, a sign that the hackers are either testing the waters or are very careful about detection.

Linux malware is always a bit of a rarity and always makes headlines when a new sample is intercepted. In the case of the FontOnLake campaign, researchers believe the malware was used to target Linux systems located in Southeast Asia.

October 11, 2021