Dangerous new malware turns Windows and Linux devices into DDoS tools


Cybersecurity researchers have discovered a new strain of malware that infects Windows and Linux endpoints of all sizes and uses them for distributed denial-of-service (DDoS) attacks and cryptomining.

Experts from Lumen's Black Lotus Labs claim that the malware is written in Chinese and uses a Chinese-based command and control (C2) infrastructure.

They called it Chaos and say it is written in Go. It is capable of infecting all types of devices, from those running on the x86 architecture to some ARM-based devices. Simply put, everything from home routers to business servers is at risk. Chaos is apparently the next iteration of the Kaiji malware, another strain capable of mining cryptocurrency and launching DDoS attacks.

Kaiji Returns

"Based on our analysis of features in more than 100 samples we analyzed for this report, we believe that Chaos is the next iteration of the Kaiji botnet," they said. It spreads by exploiting known but unpatched vulnerabilities and by brute-forcing SSH logins.

Furthermore, it can use stolen SSH keys to infect even more endpoints.

Whoever the threat actors are, they are not limited to a specific industry: "Using Lumen's global network visibility, Black Lotus Labs has listed the C2s and targets of several different Chaos clusters, including a compromise success of a GitLab server and a series of recent DDoS attacks targeting the gaming, financial services and technology, media and entertainment industries, as well as providers of DDoS as a service and a cryptocurrency exchange," the researchers said.

"While the current botnet infrastructure is comparatively smaller than some of the major DDoS malware families, Chaos has shown rapid growth in recent months."

When it comes to geography, however, Chaos seems to have a preference. Although there are bots everywhere, from the Americas to the Asia-Pacific (APAC) region, most of its victims are in Europe.

Via: BleepingComputer