Chaos: A cross-platform malware written in Go is spreading globally
Chaos, a cross-platform multipurpose malware written in the Go programming language, is spreading globally.
“We observed a sophisticated malware that quadrupled in size in just two months, and it’s well-positioned to continue to accelerate,” said Mark Dehus, director of threat intelligence at Black Lotus Labs, part of security firm Lumen.
Chaos is designed to work on several architectures, including ARM, Intel (i386), MIPS, and PowerPC.
It is also tailored for Windows, Linux and various consumer devices, small office/home office (SOHO) routers and enterprise servers.
The malware exploits known vulnerabilities to enable actors to:
- Scan the target system to provide information for future commands
- Automatically initiate lateral movement and propagation via Secure Shell (SSH), using stolen or brute-forced private keys
- Launch DDoS attacks and start a cryptocurrency mining program
- Plant additional malware
Dehus, an analyst at Black Lotus Labs, pointed out that the popularity of malware written in Go has risen sharply in recent years due to its flexibility, low anti-virus detection rate, and difficulty in reverse engineering.
Chaos malware is powerful because it works on a variety of architectures, targets devices and systems that are not routinely monitored as part of an enterprise security model (such as SOHO routers and the FreeBSD operating system), and exploits known vulnerabilities and SSH keys that are either stolen or obtained through brute force.
Starting in June, analysts identified several distinct clusters of cyberattacks.
These clusters leveraged a centralized command and control (C2) infrastructure and grew rapidly in August and September.
Chaos malware infections are mainly distributed in Europe (Italy, France, Spain, Germany), the United States and China.
The actor compromised at least one GitLab server and launched numerous DDoS attacks against organizations in the gaming, financial services and technology, media/entertainment, cryptocurrency, and even DDoS-as-a-Service industries.
These targets span organizations in the EMEA, Asia Pacific, and North America regions.
“Chaos malware targets known vulnerabilities,” Dehus added. “We recommend that network administrators practice strict patch management and use the IoCs (Indicators of Compromise) listed in our report to monitor for infections or interactions with suspicious infrastructure. Consumers and remote workers should enable automatic software updates and regularly update passwords and reboot hardware.”
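The advice above boils down to matching your own connection logs against the vendor's published indicator list. The following is an added example of that check, not code from the article or from Black Lotus Labs: it parses a constructed outbound-connection log format, matches destination IPs against IP/CIDR indicators and destination hostnames against domain indicators (including subdomains), and returns one hit per match. Every indicator and log line in it is a constructed placeholder (TEST-NET addresses and `.invalid` domains), not a real Chaos IoC; in practice you would load the IP and domain lists from the report.

```python
"""Match outbound-connection log lines against an IoC list.

Added example, not from the article or from Black Lotus Labs. All
indicators and log lines here are constructed placeholders, not real
Chaos IoCs; replace them with the lists published in the vendor report.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed placeholder indicators (RFC 5737 TEST-NET ranges, .invalid TLD).
IOC_IPS = {"198.51.100.23", "203.0.113.0/24"}
IOC_DOMAINS = {"c2.example.invalid", "update.example.invalid"}

# Constructed log format:
#   "<ts> src=<ip> dst=<ip> [host=<domain>] proto=<p> port=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: host=(?P<host>\S+))? proto=(?P<proto>\w+) port=(?P<port>\d+)$"
)


@dataclass(frozen=True)
class Hit:
    """One matched log line: who talked to which indicator."""
    ts: str
    src: str
    indicator: str
    kind: str  # "ip" or "domain"


def _compile_networks(ips):
    # Single addresses become /32 (or /128) networks, CIDRs stay as given.
    return [ipaddress.ip_network(i, strict=False) for i in ips]


def _domain_matches(host, domains):
    """Return the indicator if host equals it or is a subdomain of it."""
    host = host.lower().rstrip(".")
    for d in domains:
        d = d.lower()
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_log(lines, ioc_ips=IOC_IPS, ioc_domains=IOC_DOMAINS):
    """Return a Hit for every line whose destination matches an indicator.

    A line can yield two hits (IP and domain) if both match; that is
    deliberate, since each indicator may be tracked separately.
    """
    nets = _compile_networks(ioc_ips)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; in production, count and alert on these
        try:
            addr = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            addr = None  # dst was not an IP literal
        if addr is not None:
            for net in nets:
                if addr in net:
                    hits.append(Hit(m.group("ts"), m.group("src"), str(net), "ip"))
                    break
        host = m.group("host")
        if host:
            d = _domain_matches(host, ioc_domains)
            if d:
                hits.append(Hit(m.group("ts"), m.group("src"), d, "domain"))
    return hits


# Constructed sample log: two IP matches, one subdomain match, one clean
# line and one unparseable line.
SAMPLE_LOG = [
    "2022-09-28T10:00:01Z src=10.0.0.5 dst=198.51.100.23 proto=tcp port=443",
    "2022-09-28T10:00:02Z src=10.0.0.7 dst=192.0.2.10 host=mail.example.com proto=tcp port=25",
    "2022-09-28T10:00:03Z src=10.0.0.9 dst=192.0.2.44 host=api.c2.example.invalid proto=tcp port=8080",
    "2022-09-28T10:00:04Z src=10.0.0.5 dst=203.0.113.77 proto=tcp port=22",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.ts} {h.src} -> {h.indicator} ({h.kind})")
```

Hits are keyed by source address on purpose: for a worm-like threat that spreads over SSH, the interesting question after a match is which internal host initiated the connection, since that host is the one to isolate and check for added keys or unexpected processes.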
Black Lotus Labs believes this malware is not related to the Chaos ransomware builder discovered in 2021;
instead, overlapping code and functionality suggest it is likely an evolution of Kaiji, a DDoS malware discovered in 2020.