"Multi-Platform Chaos Malware Threatens to Live up to Its Name"

Security researchers at Lumen's Black Lotus Labs have found that Chaos, the new multipurpose malware written in the Go programming language, is spreading across the world. The researchers stated that the malware has quadrupled in size in just two months and is well-positioned to continue accelerating. The researchers noted that Chaos is designed to work across several architectures, including ARM, Intel (i386), MIPS, and PowerPC. It was developed for Windows, Linux, a wide array of consumer devices, small office/home office (SOHO) routers, and enterprise servers. The researchers noted that the malware exploits known vulnerabilities that enable the threat actors to scan the target system and profile it for future commands. It also allows the threat actor to automatically initiate lateral movement and propagation through Secure Shell (SSH) by using private keys that are either stolen or obtained using brute force. The malware also allows the threat actor to launch DDoS attacks and initiate cryptomining. Beginning in June, the researchers discovered several distinct Chaos clusters that were written in Chinese. The clusters leveraged China-based command and control (C2) infrastructure that grew rapidly in August and September. Chaos bot infections are mostly concentrated in Europe (Italy, France, Spain, Germany), the U.S., and China. The researchers believe this malware is not related to the Chaos ransomware builder discovered in 2021; instead, the overlapping code and functions suggest it is likely the evolution of Kaiji, a DDoS malware found in 2020.

 

Help Net Security reports: "Multi-Platform Chaos Malware Threatens to Live up to Its Name"
