
Chaos malware targets multiple architectures

October 13, 2022
New Chaos malware targets multiple operating systems and CPU architectures

According to researchers at Lumen's Black Lotus Labs, a new malware family named Chaos targets multiple CPU architectures and operating systems in order to launch DDoS attacks, mine cryptocurrency, and install backdoors.

The malware is written in Go, whose built-in cross-compilation makes it easy to build the same code for different operating systems and architectures; this is a major reason it can target such a broad range of devices. Its capabilities include DDoS-as-a-service, cryptocurrency mining, and backdoor access.

Based on overlaps in code and functionality, the Lumen researchers assess Chaos to be an evolution of the Kaiji DDoS malware.

Chaos spreads by exploiting known vulnerabilities and by brute-forcing SSH. Once executed on a host, the malware establishes persistence and contacts its command and control (C2) server. The server responds with one or more staging commands that prepare the bot for different tasks before any additional commands or modules are sent.

Communication with the C2 takes place over a UDP port that is derived from the MAC address of the device. Once a connection is established, the C2 sends staging commands that can enable automatic propagation, open a new port for retrieving additional files from the C2 server, enable IP address spoofing on Linux systems, and exploit known vulnerabilities.

After this initial exchange, the malware receives further commands sporadically. These include instructions to propagate by exploiting predefined vulnerabilities against target ranges, to launch DDoS attacks, or to start crypto-mining.

The malware can also open a reverse shell, giving the attacker interactive command execution on infected systems.

In short, Chaos can launch DDoS attacks against selected targets while spoofing the source so that the traffic appears to come from many different machines, drop cryptocurrency miners that consume the infected host's resources, and spread to other hosts by exploiting a range of common vulnerabilities.

To defend against this threat, organizations should keep all operating systems, devices, and software updated and patched, harden SSH against brute forcing (key-based authentication, no remote root password logins, and rate limiting or lockout of repeated failures), and use security tools such as endpoint detection and response (EDR) to detect the malware before it is launched and to contain it if it does run.
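Because Chaos gains its initial foothold partly by brute-forcing SSH, one practical detection is to watch sshd authentication logs for bursts of failed logins from a single source, and to treat a subsequent accepted login from that same source as a likely compromise. The script below is an added example written for this article, not code from the Black Lotus Labs report or from the malware; the log lines are constructed (syslog-style `auth.log` format, with the year assumed to be 2022 because that format omits it), and the threshold of five failures inside a 60-second sliding window is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not taken from a real incident).
SAMPLE_AUTH_LOG = """\
Oct 13 10:01:02 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct 13 10:01:04 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 41024 ssh2
Oct 13 10:01:05 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 41026 ssh2
Oct 13 10:01:07 host1 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 41028 ssh2
Oct 13 10:01:09 host1 sshd[1209]: Failed password for root from 203.0.113.7 port 41030 ssh2
Oct 13 10:01:12 host1 sshd[1211]: Accepted password for root from 203.0.113.7 port 41032 ssh2
Oct 13 10:05:00 host1 sshd[1301]: Failed password for alice from 198.51.100.9 port 50100 ssh2
Oct 13 10:05:30 host1 sshd[1303]: Accepted publickey for alice from 198.51.100.9 port 50102 ssh2
Oct 13 11:00:00 host1 sshd[1401]: Failed password for bob from 192.0.2.44 port 60000 ssh2
Oct 13 11:30:00 host1 sshd[1403]: Failed password for bob from 192.0.2.44 port 60002 ssh2
Oct 13 12:00:00 host1 sshd[1405]: Failed password for bob from 192.0.2.44 port 60004 ssh2
Oct 13 12:30:00 host1 sshd[1407]: Failed password for bob from 192.0.2.44 port 60006 ssh2
Oct 13 13:00:00 host1 sshd[1409]: Failed password for bob from 192.0.2.44 port 60008 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as written by OpenSSH.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_sshd_lines(text, year=2022):
    """Parse sshd auth lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Traditional syslog timestamps carry no year; the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Return {ip: summary} for sources with >= threshold failures in any sliding window.

    Slow, spread-out failures (one every half hour) stay below the bar; a
    burst of failures against several usernames in a few seconds does not.
    """
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures_by_ip[e["ip"]].append(e)

    hits = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        left = 0
        for right in range(len(fails)):
            # Shrink the window from the left until it spans <= window_seconds.
            while (fails[right]["ts"] - fails[left]["ts"]).total_seconds() > window_seconds:
                left += 1
            if right - left + 1 >= threshold:
                hits[ip] = {"failures": len(fails),
                            "users": sorted({f["user"] for f in fails})}
                break
    return hits


def find_success_from_flagged(events, hits):
    """Accepted logins from a source already flagged as brute-forcing: likely compromise."""
    return [(e["ip"], e["user"], e["ts"].isoformat())
            for e in events if e["result"] == "Accepted" and e["ip"] in hits]


if __name__ == "__main__":
    evts = parse_sshd_lines(SAMPLE_AUTH_LOG)
    flagged = find_bruteforce(evts)
    for ip, info in flagged.items():
        print(f"brute force from {ip}: {info['failures']} failures, users {info['users']}")
    for ip, user, when in find_success_from_flagged(evts, flagged):
        print(f"ALERT: successful login as {user} from flagged source {ip} at {when}")
```

Run against a real `/var/log/auth.log` by reading the file instead of the constructed string; on systems using journald, `journalctl -u ssh -o short` produces the same line format. The sliding window is what keeps a single user's occasional typos from firing the rule while still catching a fast wordlist run, which is the pattern an automated SSH brute forcer produces.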

The sources for this piece include an article in TechRepublic.

Publisher: TuxCare
