A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet.
What does this malware do?
“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks,” researchers from Lumen’s Black Lotus Labs said in a write-up shared with The Hacker News.
Written in Chinese and leveraging China-based infrastructure for command-and-control, the botnet joins a long list of malware that is designed to establish persistence for extended periods and likely abuse the foothold for nefarious purposes, such as DDoS attacks and cryptocurrency mining.
If anything, the development also points to a dramatic uptick in threat actors shifting to programming languages like Go to evade detection and render reverse engineering difficult, not to mention targeting several platforms at once.
Chaos (not to be confused with the ransomware builder of the same name) lives up to its name by exploiting known security vulnerabilities to gain initial access, subsequently abusing it to conduct reconnaissance and initiate lateral movement across the compromised network.
What’s more, the malware has a versatility that similar malware lacks, enabling it to operate across a wide range of instruction set architectures, including ARM, Intel (i386), MIPS, and PowerPC, effectively allowing the threat actor to broaden the scope of its targets and swiftly grow in volume.
On top of that, Chaos has the ability to execute as many as 70 different commands sent from the C2 server, one of which is an instruction to trigger the exploitation of publicly disclosed flaws (CVE-2017-17215 and CVE-2022-30525) defined in a file.
A GitLab server located in Europe was one of the victims of the Chaos botnet in the first weeks of September, the company said, adding that it identified a string of DDoS attacks aimed at entities spanning gaming, financial services, technology, media and entertainment, and hosting providers. Also targeted was a crypto mining exchange.