New ‘Chaos’ malware can compromise multiple operating systems


Researchers have discovered a new malware called Chaos, which is able to spread across multiple operating systems and runs on multiple architectures, including ARM, Intel (i386), MIPS, and PowerPC.

Chaos is written in the Go programming language, a major reason it is easy to port to different operating systems. Its capabilities include providing DDoS services, cryptocurrency mining, and backdoor features.

According to Lumen researchers, the malware is an evolution of the Kaiji DDoS malware, a conclusion based on overlaps in code and functionality.

Chaos is designed to exploit known vulnerabilities and to brute-force SSH. Once executed on a system, the malware establishes persistence and communicates with its command and control (C2) server. The server responds with one or more staging commands that serve different purposes, after which the malware may receive additional commands or modules.

Communication with the C2 takes place over a UDP port that is determined by the device's MAC address. As soon as a connection is established, the C2 sends staging commands, including automatic propagation, a new port for retrieving additional files from the C2 server, spoofing IP addresses on Linux systems, and exploiting known vulnerabilities.

After the first communication with the C2 server, the malware sporadically receives additional commands. These include propagating by exploiting predefined vulnerabilities against target ranges, launching DDoS attacks, or starting crypto mining.

The malware can also provide a reverse shell to the attacker, who can then execute further commands on infected systems.

To protect against this threat, organizations should update and patch all operating systems, devices, and software. They are also advised to deploy security tools such as endpoint detection and response (EDR) to detect the malware before it launches and to contain it.
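One concrete detection that complements the patching and EDR advice above is spotting the SSH brute-forcing that Chaos uses to spread. The following Python script is an added example, not code from the article or from Lumen's research: it parses lines in the usual OpenSSH auth.log format (the sample lines, the IP addresses and the failure threshold of five are constructed assumptions, not indicators from the page) and flags any source that racks up repeated failed logins, noting whether a successful login followed the failures.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an OpenSSH auth.log. Addresses are
# documentation ranges (RFC 5737) and are NOT indicators from the article.
SAMPLE_AUTH_LOG = """\
Sep 28 10:01:02 host1 sshd[2301]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 28 10:01:03 host1 sshd[2301]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 28 10:01:04 host1 sshd[2302]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Sep 28 10:01:05 host1 sshd[2303]: Failed password for invalid user pi from 203.0.113.7 port 51025 ssh2
Sep 28 10:01:06 host1 sshd[2304]: Failed password for invalid user ubuntu from 203.0.113.7 port 51026 ssh2
Sep 28 10:01:09 host1 sshd[2305]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Sep 28 10:05:00 host1 sshd[2310]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Sep 28 10:05:30 host1 sshd[2311]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# "invalid user" appears when the account does not exist; both forms count as failures.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+) port \d+")


def analyze_auth_log(text, threshold=5):
    """Return a list of findings, one per source IP whose failed-login count
    reaches `threshold`. Each finding records the usernames tried and whether
    a successful login from that source occurred after at least one failure."""
    failures = defaultdict(list)            # source IP -> usernames that failed
    success_after_failure = defaultdict(bool)  # source IP -> accepted after a failure?

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.group(1), m.group(2)
            failures[src].append(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            src = m.group(2)
            # Order matters: only an accept that follows failures is suspicious.
            if failures[src]:
                success_after_failure[src] = True

    findings = []
    for src, users in failures.items():
        if len(users) >= threshold:
            findings.append({
                "source": src,
                "failures": len(users),
                "distinct_users": sorted(set(users)),
                "success_after_failures": success_after_failure[src],
            })
    return findings


if __name__ == "__main__":
    for f in analyze_auth_log(SAMPLE_AUTH_LOG):
        print(f"{f['source']}: {f['failures']} failed logins across "
              f"{f['distinct_users']}; login succeeded afterwards: "
              f"{f['success_after_failures']}")
```

On the constructed sample, the script flags only 203.0.113.7 (five failures spread across four usernames, followed by an accepted password login, which is the pattern that most warrants an immediate response), while the single typo-then-key login from 198.51.100.4 stays below the threshold. In production, the same logic would be fed from the log pipeline rather than an inline string, and the threshold tuned to the environment.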

The sources for this piece include an article in TechRepublic.
