It’s called FontOnLake and, as SecurityWeek reports, this new malware targets Linux systems. What sets it apart is that its developers keep reworking its modules, so the toolkit is constantly evolving in order to infect as many systems as possible.
The detailed white paper (PDF) published by ESET researchers describes how the malware works. Once a system is infected, besides collecting sensitive data such as the command history and SSH credentials, it loads backdoors and kernel rootkit modules that give the attacker persistent access to the machine.
How does it get in? The usual way, so to speak: a Trojan horse, in the form of trojanized applications (modified copies of standard Linux utilities). What the researchers have not yet worked out is how those trojanized applications end up installed on the victims’ systems.
ESET’s analysis of FontOnLake found three different backdoors, all written in C++. The simplest of the three launches and mediates access to a local SSH server, updates itself and sends the collected credentials to the attacker.
But, as we said, the malware is still under development. The second backdoor also collects credentials, provides access to a custom sshd and acts as a proxy, and on top of that it can manipulate files, update itself, list directories and upload and download files.
The third backdoor can operate in both client and server mode: it accepts remote connections, acts as a proxy, downloads and executes Python scripts, collects credentials and mediates the I/O of scripts and commands.
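Since the foothold is a trojanized copy of a system utility, the first check a defender wants is whether the installed binaries still match what the package manager shipped. The script below is an added example, not code from this article or from ESET’s research: it parses dpkg’s per-package `.md5sums` list (one `<md5hex>  <path relative to />` line per file, the same data `debsums` uses) and hashes a directory tree against it. The tree, the file contents and the utility names (cat, kill, sftp) are constructed inside a temporary directory purely so the example runs offline; on a real host you would point it at `/` and `/var/lib/dpkg/info/<pkg>.md5sums`.

```python
"""Offline integrity check of installed files against dpkg's recorded MD5 sums.

Added example (not from the article or ESET). The package root and the
.md5sums list are constructed in a temp directory so the script runs anywhere.
"""
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg's <pkg>.md5sums format: '<md5hex>  <path relative to />' per line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, path = line.partition("  ")  # two spaces, as dpkg writes them
        if len(digest) != 32 or not path:
            raise ValueError(f"malformed md5sums line: {line!r}")
        entries[path] = digest.lower()
    return entries


def md5_of_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root, entries):
    """Return {relative_path: 'ok' | 'MODIFIED' | 'MISSING'} for every listed file."""
    results = {}
    for rel, expected in entries.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"
        elif md5_of_file(full) != expected:
            results[rel] = "MODIFIED"
        else:
            results[rel] = "ok"
    return results


def demo():
    """Constructed scenario: a clean 'kill', a tampered 'cat' and a removed 'sftp'."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "usr", "bin")
        os.makedirs(bindir)
        # Stand-ins for the packaged binaries (constructed, not real package content).
        clean_cat = b"#!/bin/sh\nexec /bin/cat \"$@\"\n"
        clean_kill = b"#!/bin/sh\nexec /bin/kill \"$@\"\n"
        packaged = (("cat", clean_cat), ("kill", clean_kill), ("sftp", b"sftp"))
        md5sums = "\n".join(
            f"{hashlib.md5(data).hexdigest()}  usr/bin/{name}" for name, data in packaged
        )
        # Install kill unchanged, cat with an extra injected line, and no sftp at all.
        with open(os.path.join(bindir, "kill"), "wb") as f:
            f.write(clean_kill)
        with open(os.path.join(bindir, "cat"), "wb") as f:
            f.write(clean_cat + b"# injected\n")
        return verify_tree(root, parse_md5sums(md5sums))


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

Two caveats apply on a live machine. A kernel rootkit of the kind FontOnLake loads can hide files or serve a clean copy when the file is read, so a check run from inside the compromised system is only an early-warning signal; a trustworthy verdict needs the disk mounted from clean boot media. And dpkg’s lists use MD5 only because that is what the package database stores, so compare against the original package archive (or its signed checksums) rather than trusting the on-disk `.md5sums` file, which an intruder with root can edit alongside the binary.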
In short, anything but a walk in the park.
There is no further information at the moment, but it is safe to assume we will hear more about FontOnLake. In the meantime… Don’t click on that link!