A new dangerous malware is turning Windows and Linux devices into DDoS tools


Cybersecurity researchers have discovered a new malware strain that infects Windows and Linux endpoints of any size and uses them for distributed denial of service (DDoS) attacks and cryptocurrency mining.

Experts at Lumen’s Black Lotus Labs say the malware is written in Chinese and uses Chinese command-and-control (C2) infrastructure.

They called it Chaos and say it is written in Go. It can infect all kinds of devices, from those running on x86 hardware to certain ARM-based devices. In short, everything from home routers to corporate servers is at risk. Apparently, Chaos is the next version of the Kaiji malware, another strain capable of mining cryptocurrencies and carrying out DDoS attacks.

Kaiji returns

“Based on our analysis of the features within the more than 100 samples we analyzed for this report, we assess that Chaos is the next iteration of the Kaiji botnet,” they said. It expands by looking for known, unpatched vulnerabilities, as well as SSH brute-force attacks.

In addition, it can use stolen SSH keys to infect an even greater number of endpoints.
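As an added illustration, not code from the article or from Black Lotus Labs, the script below scans sshd log lines for the two propagation vectors described above: password brute-force bursts from one source (and a password login that follows one), and public-key logins for an account from a host not on its allow-list, which is what a stolen SSH key looks like in the log. The log lines, hosts, IPs and the allow-list are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format); hosts and IPs are not real.
SAMPLE_LOG = """\
Sep 28 10:01:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Sep 28 10:01:02 host sshd[102]: Failed password for admin from 203.0.113.5 port 4002 ssh2
Sep 28 10:01:03 host sshd[103]: Failed password for invalid user test from 203.0.113.5 port 4003 ssh2
Sep 28 10:01:04 host sshd[104]: Failed password for root from 203.0.113.5 port 4004 ssh2
Sep 28 10:01:05 host sshd[105]: Failed password for root from 203.0.113.5 port 4005 ssh2
Sep 28 10:01:06 host sshd[106]: Accepted password for root from 203.0.113.5 port 4006 ssh2
Sep 28 10:05:00 host sshd[107]: Accepted publickey for deploy from 198.51.100.9 port 5000 ssh2
Sep 28 10:06:00 host sshd[108]: Accepted publickey for deploy from 192.0.2.77 port 5001 ssh2
Sep 28 10:07:00 host sshd[109]: Failed password for bob from 198.51.100.20 port 6000 ssh2
"""

# Hypothetical allow-list: the source IPs each key-authenticated account normally uses.
EXPECTED_KEY_SOURCES = {"deploy": {"198.51.100.9"}}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_events(log_text, year=2022):
    """Yield (timestamp, result, method, user, ip) per sshd auth line; year is assumed, syslog omits it."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
            yield ts, m["result"], m["method"], m["user"], m["ip"]

def analyze(log_text, expected_key_sources, fail_threshold=5, window=timedelta(seconds=60)):
    """Flag brute-force bursts, password logins that follow one, and key logins from unexpected hosts."""
    recent_failures = defaultdict(list)  # ip -> failure timestamps inside the sliding window
    findings = {"brute_force": set(), "success_after_failures": [], "unexpected_key_login": []}
    for ts, result, method, user, ip in parse_events(log_text):
        if result == "Failed":
            recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window] + [ts]
            if len(recent_failures[ip]) >= fail_threshold:
                findings["brute_force"].add(ip)
        elif method == "password" and ip in findings["brute_force"]:
            # A guessed password succeeding right after a burst: the host is likely a new bot.
            findings["success_after_failures"].append((ip, user))
        elif method == "publickey" and ip not in expected_key_sources.get(user, set()):
            # A valid key used from an unknown host is consistent with a stolen key.
            findings["unexpected_key_login"].append((ip, user))
    return findings
```

Run against a real `/var/log/auth.log`, the allow-list would be built from each account's historical key-login sources, and the threshold and window tuned to the host's normal traffic.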

Whoever the threat actors are, they are not limited to a specific industry: “Using Lumen’s global network visibility, Black Lotus Labs has listed the C2s and targets of several separate Chaos clusters, including a successful compromise of a GitLab server and a spate of recent DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries, as well as DDoS-as-a-service providers and a cryptocurrency exchange,” the researchers said.

“While today’s botnet infrastructure is relatively smaller than some of the leading DDoS malware families, Chaos has seen rapid growth in recent months.”

However, when it comes to geographic areas, Chaos seems to have a preference. While there are bots everywhere from the Americas to the Asia-Pacific region (APAC), most of the victims are based in Europe.

Via: BleepingComputer