October 16, 2021 — Eric Swotinsky
Incident reports

Newly identified Linux malware targets Southeast Asia

A previously unrecognized Linux malware family has been found to be targeting organizations in Southeast Asia. The threat is being tracked as FontOnLake or HCRootkit.

FontOnLake is a modular rootkit that appears to be in active development, with capabilities that include enabling remote access, stealing credentials, and acting as a proxy server.

Attacks using FontOnLake appear to be targeted and are designed to collect data, among other malicious actions. The malware evades detection by many traditional antivirus solutions, and on infected systems it replaces common legitimate binaries with modified versions.

Though this rootkit has managed to stay largely out of sight since as early as May 2020, it is detected by the multi-layered detection engines included in Acronis Cyber Protect for Linux.