ESET Report: FontOnLake Malware Targets Linux Systems - Cybers Guards

FontOnLake was found to use three different backdoors, all written in C++, all using the same Asio library from Boost, and all capable of stealing sshd credentials and bash command history, according to ESET's investigation. The operators also rely on trojanized applications: these files are disguised as regular Linux utilities in order to maintain persistence on the infected system. The trojanized programs identified by ESET's researchers during their analysis are used to load further backdoor or rootkit modules, as well as to collect sensitive data as needed. The researchers are still trying to work out how the trojanized programs are delivered to victims.

The malware appears to be under active development. The first known sample from this family surfaced last May. The malware was previously known as the HCRootkit / Sutersu Linux rootkit, described by Avast and Lacework, as well as by the Tencent Security Response Center in a February report. Moreover, the malware authors are constantly tweaking the FontOnLake modules, and they use three types of components that are meant to work together: trojanized applications, backdoors, and rootkits.

The simplest of the three backdoors was created to initiate and mediate access to a local SSH server, as well as to update and pass on the credentials it has collected. The second backdoor, meanwhile, exfiltrates passwords, provides access to a customized sshd, and acts as a proxy, but it can also manipulate files, update itself, list directories, and upload and download files. The third backdoor, which can operate in both client and server mode, accepts remote connections, acts as a proxy, and can download and run Python scripts, as well as exfiltrate passwords. ESET explains that it also intercepts the I/O of scripts and commands.
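Because FontOnLake persists as trojanized copies of standard utilities, a first-pass check on a suspect host is to hash what is on disk and compare it with what the package manager recorded at install time. The following is an added example written for this page, not code from ESET or from the article; it assumes a Debian/Ubuntu layout in which `/var/lib/dpkg/info/<package>.md5sums` holds lines of the form `<md5 hex><two spaces><path relative to />`. The `demo()` function runs the same logic over a constructed sample entry and a constructed modified copy of `/bin/cat`, so it works offline; `scan_dpkg()` performs the live check.

```python
"""Compare installed Linux utilities against the dpkg md5sums database.

Added example, not from the ESET report or the article. Assumes the
dpkg layout: /var/lib/dpkg/info/<pkg>.md5sums, one '<md5>  <relpath>'
line per installed file, paths relative to / (no leading slash).
"""
import hashlib
from pathlib import Path
from typing import Callable, Dict, Iterable, List, Tuple

DPKG_INFO = Path("/var/lib/dpkg/info")
# Directories where trojanized system utilities would most likely live.
BINARY_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def parse_md5sums(text: str) -> Dict[str, str]:
    """Parse one .md5sums file into {absolute path: expected md5 hex}."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # dpkg writes the 32-hex-char digest, two spaces, then the relative path.
        digest, _, rel_path = line.partition("  ")
        if len(digest) != 32 or not rel_path:
            raise ValueError(f"malformed md5sums line: {line!r}")
        expected["/" + rel_path] = digest.lower()
    return expected


def md5_of_bytes(data: bytes) -> str:
    """MD5 is what dpkg records; it is an integrity list, not a security hash."""
    return hashlib.md5(data).hexdigest()


def find_modified(expected: Dict[str, str],
                  read_file: Callable[[str], bytes]) -> List[Tuple[str, str, str]]:
    """Return (path, expected_md5, actual_md5) for every mismatch.

    read_file is injected so the comparison can be exercised on constructed
    data; the live scan passes a function that reads from disk. A missing
    file is reported with actual == 'MISSING', since a deleted or renamed
    utility also deserves a look.
    """
    modified: List[Tuple[str, str, str]] = []
    for path, want in sorted(expected.items()):
        try:
            got = md5_of_bytes(read_file(path))
        except FileNotFoundError:
            got = "MISSING"
        if got != want:
            modified.append((path, want, got))
    return modified


def scan_dpkg(info_dir: Path = DPKG_INFO,
              only_dirs: Iterable[str] = BINARY_DIRS) -> Dict[str, List[Tuple[str, str, str]]]:
    """Live check: {package: mismatches} for files under only_dirs."""
    def read_disk(path: str) -> bytes:
        with open(path, "rb") as fh:
            return fh.read()

    prefixes = tuple(only_dirs)
    results: Dict[str, List[Tuple[str, str, str]]] = {}
    for md5file in sorted(info_dir.glob("*.md5sums")):
        expected = parse_md5sums(md5file.read_text())
        expected = {p: h for p, h in expected.items() if p.startswith(prefixes)}
        bad = find_modified(expected, read_disk)
        if bad:
            results[md5file.stem] = bad
    return results


# Constructed sample data (not real package contents): a stand-in for the
# installed /bin/cat, the md5sums line dpkg would have written for it, and
# a copy with extra bytes appended to play the role of a trojanized binary.
SAMPLE_CAT_ORIGINAL = b"#!/bin/sh\nexec /usr/bin/real-cat \"$@\"\n"
SAMPLE_MD5SUMS = f"{md5_of_bytes(SAMPLE_CAT_ORIGINAL)}  bin/cat\n"
SAMPLE_TROJANIZED = SAMPLE_CAT_ORIGINAL + b"# appended payload stand-in\n"


def demo() -> List[Tuple[str, str, str]]:
    """Offline run over the constructed sample; returns the one mismatch."""
    expected = parse_md5sums(SAMPLE_MD5SUMS)
    fake_disk = {"/bin/cat": SAMPLE_TROJANIZED}

    def read_fake(path: str) -> bytes:
        if path not in fake_disk:
            raise FileNotFoundError(path)
        return fake_disk[path]

    return find_modified(expected, read_fake)


if __name__ == "__main__":
    for path, want, got in demo():
        print(f"MODIFIED {path}: expected {want}, found {got}")
    if DPKG_INFO.is_dir():
        for pkg, bad in scan_dpkg().items():
            for path, want, got in bad:
                print(f"{pkg}: {path} expected {want} found {got}")
```

Two caveats apply. The md5sums database lives on the same disk the attacker controls, so a thorough intruder can rewrite it to match; for a host you actually suspect, compare against hashes taken from the distribution's package mirror, or boot from clean media and scan the filesystem from outside. And a kernel-mode rootkit of the kind this family ships can hide files or lie about their contents to a process running on the infected system, which is exactly why the offline comparison matters.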
The malware family, dubbed FontOnLake, uses a rootkit to hide its presence and uses different command-and-control servers for each sample, showing how careful its operators are to keep a low profile. The researchers uncovered two rootkit variants used in these attacks, both based on the open-source project Suterusu and capable of hiding processes, files, network connections, and themselves, as well as delivering collected credentials to the backdoor. The first rootkit can monitor traffic for specially crafted ICMP packets as well as fetch and run binaries (backdoors), whereas the second supports more commands and a modified implementation of several of the same capabilities. FontOnLake appears to have been used in attacks against systems in Southeast Asia, according to the available evidence.
