New ‘Chaos’ malware can compromise multiple operating systems

Share post:

Researchers have discovered a new malware called Chaos, which is able to spread across multiple architectures and operating systems, and works on multiple architectures, including ARM, Intel (i386), MIPS, and PowerPC.

Chaos is written in Go programming language, a major reason why it is easy for developers to port their software to different operating systems. Some capabilities of the malware include the provision of DDoS services, cryptocurrency mining and backdoor features.

According to Lumen researchers, the malware is an evolution of the Kaiji DDoS malware, which is based on code and function overlaps.

Chaos is designed to exploit known vulnerabilities and brute force SSH. Once executed on a system, the malware establishes persistence and communicates with its commands and control server. The server responds with one or more staging commands that serve different purposes before possibly receiving additional commands or modules.

Communication to the C2 takes place via a UDP port, which is determined by the MAC address of the device. As soon as a successful connection is established, the C2 sends staging commands, including automatic propagation, a new port for accessing additional files on the C2 server, spoofing IP addresses on Linux systems and exploiting known vulnerabilities.

After the first communication with the C2 server, the malware receives sporadic additional commands. The commands include the execution of propagation by exploiting predefined vulnerabilities on target ranges, launching DDoS attacks or initiating crypto mining.

The malware can provide a reverse shell to the attacker who can then execute further commands on infected systems.

To protect organizations from this threat, it is important that organizations update and patch all operating systems, devices, and software. They are also advised to deploy security tools such as endpoint detection and response to detect the malware before it is launched and take steps to contain it.

The sources for this piece include an article in TechRepublic.

SUBSCRIBE NOW

Related articles

20 dollars unmasks a major vulnerability in the internet infrastructure. Cyber Security Today for Friday the 13th, September 2024

US Cyber Security and Infrastructure Agency -  CISA has added three significant vulnerabilities to its “known exploited vulnerabilities...

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Cyber Security Today – Week In Review for September 7, 2024

Cyber Security Today - Weekend Edition: Toronto School Board Hack, MoveIT Breach & Data Privacy Concerns This weekend edition...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways