Cybersecurity researchers have discovered a new strain of malware that infects Windows and Linux endpoints of all sizes and uses them in distributed denial of service (DDoS) attacks and cryptocurrency mining.
Experts from Black Lotus Labs at Lumen say the malware is written in Chinese and uses China’s command and control (C2) infrastructure.
They called it Chaos, and they say it is written in Go. It is capable of infecting all types of devices, from those built on the x86 architecture to some ARM-based devices. In short, everything from home routers to enterprise servers is at risk. Apparently, Chaos is the next iteration of the Kaiji malware, another strain that mined cryptocurrency and launched DDoS attacks.
“Based on our analysis of functions within the more than 100 samples we analyzed for this report, we estimate that Chaos is the next iteration of the Kaiji botnet,” they said. It spreads by exploiting known but unpatched vulnerabilities and by brute-forcing SSH logins.
Moreover, it can use stolen SSH keys to infect a greater number of endpoints.
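The propagation methods described above (SSH brute force followed by a login) leave a recognisable pattern in the sshd log of any host that was probed. The following Python detector is an added example for this article, not code from the researchers or from the malware analysis: it parses the syslog-style lines OpenSSH writes to `/var/log/auth.log`, counts failed logins per source address within a sliding time window, and flags any address that also achieved an accepted login after its burst of failures (the case a defender most wants to see). The log lines are constructed for the example; the addresses are documentation ranges and the year supplied to the parser is an assumption, since syslog timestamps carry none.

```python
"""Flag SSH brute-force bursts in sshd log lines (added example, not from the article)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format OpenSSH writes to /var/log/auth.log.
SAMPLE_LOG = """\
Sep 28 10:01:02 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 28 10:01:03 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 28 10:01:05 host1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Sep 28 10:01:06 host1 sshd[2214]: Failed password for invalid user pi from 203.0.113.7 port 51025 ssh2
Sep 28 10:01:08 host1 sshd[2215]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep 28 10:01:09 host1 sshd[2216]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Sep 28 10:02:00 host1 sshd[2300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Sep 28 10:02:30 host1 sshd[2301]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
Sep 28 10:20:00 host1 sshd[2400]: Failed password for bob from 192.0.2.5 port 33333 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as well as Accepted lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2022):
    """Return a dict for an sshd auth line, or None for lines we do not care about.
    The year is an assumption: syslog timestamps do not include one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=4, window_seconds=60):
    """Group events by source IP; flag an IP whose densest burst of failures
    within window_seconds reaches threshold. Also report whether that IP later
    logged in successfully, which is the signal worth paging on."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        # Sliding window over the sorted failures: j trails i so that
        # fails[j..i] always fits inside window_seconds.
        max_burst, j = 0, 0
        for i in range(len(fails)):
            while (fails[i]["ts"] - fails[j]["ts"]).total_seconds() > window_seconds:
                j += 1
            max_burst = max(max_burst, i - j + 1)
        if max_burst < threshold:
            continue
        first_fail = fails[0]["ts"]
        success_after = [e for e in evs
                         if e["result"] == "Accepted" and e["ts"] >= first_fail]
        findings[ip] = {
            "burst": max_burst,
            "users": sorted({e["user"] for e in fails}),
            "success_after_failures": bool(success_after),
            "success_users": sorted({e["user"] for e in success_after}),
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample data only 203.0.113.7 is flagged: five failures in six seconds across the usernames `admin`, `pi` and `root`, followed by an accepted password login as `root`. The single failures from the other two addresses stay below the threshold, which is what keeps a typo-prone administrator from tripping the rule. Tune `threshold` and `window_seconds` to the host's normal traffic, and treat a flagged address with `success_after_failures` set as a likely compromise rather than a mere probe.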
As for the threat actors, they do not limit themselves to a specific industry: “Using the visibility of the global Lumen network, Black Lotus Labs has enumerated C2s and targets for several distinct Chaos groups, including a successful compromise of a GitLab server and the recent wave of DDoS attacks targeting the gaming, financial services, technology, media and entertainment industries — as well as DDoS-as-a-service providers and cryptocurrency exchanges,” the researchers said.
“While today’s bot infrastructure is relatively smaller than some of the leading DDoS malware groups, Chaos has shown rapid growth in the past few months.”
Geographically, Chaos shows a clear preference. Although bots are found everywhere, from the Americas to the Asia Pacific (APAC), most of its victims are in Europe.
Via: BleepingComputer