The malware family, nicknamed FontOnLake, uses a rootkit to hide its presence and uses different command and control servers for each sample, showing how careful its operators are to keep a low profile. Moreover, the malware authors are constantly modifying the FontOnLake modules, and they use three types of components that are meant to work together: trojanized applications, backdoors, and rootkits. FontOnLake appears to have been used in attacks against organizations in Southeast Asia, according to the evidence.

Last May, the first malware sample from this family appeared. The malware was originally identified as the HCRootkit / Sutersu Linux rootkit by Avast and Lacework, as well as by the Tencent Security Response Center in a February report.

The trojanized programs identified by ESET's researchers during their investigation are used to load custom backdoor or rootkit modules, as well as to collect sensitive data as needed. These files were disguised as legitimate Linux utilities in order to maintain persistence on the infected system. The researchers are still trying to figure out how the trojanized programs are distributed to victims.

FontOnLake was found to use three different backdoors, all written in C++, all using the same Asio library from Boost, and all capable of stealing sshd credentials and bash command history, according to ESET's investigation. The simplest of the three was created to start and mediate access to a local SSH server, as well as to update and transmit the credentials gathered. The malware appears to be a work in progress. The second backdoor, meanwhile, exfiltrates passwords, allows access to a customized sshd, and acts as a proxy, but it can also manipulate files, update itself, list directories, and upload and download files.

The third backdoor, which can operate in both client and server modes, accepts remote connections, acts as a proxy, and can download and run Python scripts, as well as exfiltrating passwords. ESET explained that it also mediates the I/O of the scripts and commands.

The researchers uncovered two rootkit variants used in these attacks, both based on the open-source project Suterusu and capable of hiding processes, files, network connections, and themselves, as well as passing collected credentials to the backdoor. The first rootkit can monitor traffic for specially crafted ICMP packets as well as fetch and run binaries (backdoors), whereas the second has support for more commands and a changed implementation of various capabilities.