Latest Post

17 production-grade databases were deleted after a code typo caused Microsoft Azure to fail.  Gigabyte Releases BIOS Update to Remove Backdoor Containing Security Hazards on Motherboards

Chaos: A cross-platform malware written in Go is spreading globally


Chaos: A cross-platform malware written in Go is spreading globally.

Chaos, a cross-platform multipurpose malware written in the Go programming language, is spreading globally.

“We observed a sophisticated malware that quadrupled in size in just two months, and it’s well-positioned to continue to accelerate,” said Mark Dehus, director of threat intelligence at Black Lotus Labs, part of security firm Lumen.


Chaos: A cross-platform malware written in Go is spreading globally


Chaos is designed to work on several architectures, including ARM, Intel (i386), MIPS, and PowerPC.

It is also tailored for Windows , Linux and various consumer devices, small office/home office (SOHO) routers and enterprise servers.


The malware exploits known vulnerabilities to enable actors to:

  • Scan the target system to provide information for future commands
  • Automatically initiate lateral movement and propagation via SecureShell (SSH), using stolen or brute-forced private keys
  • Launch a DDoS attack and start a password mining program
  • planting malware


Dehus, an analyst at Black Lotus Labs, pointed out that the popularity of malware written in Go has risen sharply in recent years due to its flexibility, low anti-virus detection rate, and difficulty in reverse engineering.


Chaos malware is powerful because it works on a variety of architectures, targeting devices and systems that are not routinely monitored as part of an enterprise security model (such as SOHO routers and the FreeBDS operating system), and exploits known exploits and SSH keys that are either stolen or obtained through brute force.


Starting in June, analysts identified several distinct clusters of cyberattacks.

These clusters leveraged a centralized command and control (C2) infrastructure and grew rapidly in August and September.


Chaos malware infections are mainly distributed in Europe (Italy, France, Spain, Germany), the United States and China.


Chaos: A cross-platform malware written in Go is spreading globally



The actor compromised at least one GitLab server and launched numerous DDoS attacks against organizations in the gaming, financial services and technology, media/entertainment, cryptocurrency, and even DDoS-as-a-Service industries.

These goals span organizations in the EMEA, Asia Pacific, and North America regions.


Chaos malware targets known vulnerabilities,” Dehus added. “We recommend that network administrators practice strict patch management and use the IoCs (Indicators of Compromise) listed in our report to monitor for infections or interactions with suspicious infrastructure. connection situation. Consumers and remote workers should enable automatic software updates and regularly update passwords and reboot hardware.”


Black Lotus Labs believes this malware is not related to the Chaos ransomware builder discovered in 2021;

instead, overlapping code and functionality suggest it is likely an evolution of Kaiji, a DDoS malware discovered in 2020.





more details: