
A quickly expanding malware named Chaos is targeting and infecting Windows and Linux devices and launching DDoS attacks. Researchers from Black Lotus Labs at Lumen Technologies recently discovered this multifunctional Go-based malware.

Besides targeting end users, the Go-based malware attacks internet applications, small office/home office (SOHO) routers, software servers, etc.

It mainly spreads by attacking devices that are unpatched against various security vulnerabilities and by SSH brute-forcing. Establishing a reverse shell allows the attackers to reconnect at any time for further exploitation. Chaos will also use stolen SSH keys to hijack more devices.

Experts analyzed 100 samples of the Chaos malware, which is written in Chinese and uses China-based command and control (C2) infrastructure. It is related to the Kaiji malware, which has been circulating for around two years, and it is used for DDoS attacks.

DDoS attacks by the malware have targeted financial, gaming and technology companies and at least one cryptocurrency exchange. "Botnet infrastructure today is comparatively smaller than other DDoS malware families, but has potential to grow quickly."

Researchers added that some bots had received more than 70 different commands over a few days. The botnet focuses on European targets, especially Italy. But the bots have spread almost everywhere, with hotspots in North and South America and Asia Pacific.

Chaos can exploit some known vulnerabilities, and the malware is targeting Huawei and Zyxel devices.

"It targets not only enterprise and large organizations but also devices and systems that aren't monitored regularly, such as SOHO routers and FreeBSD OS. Chaos has rapidly grown since its first documented evidence in the wild," the Black Lotus Labs analysis says.

How to protect servers:

  • Inform organizations about security patches and updates to prevent threats.
  • Use a web application firewall and configure it adequately, as the new Golang malware spreads through vulnerable devices by scanning the internet.
  • Keep trained security teams in place to identify the warning signs.
  • Being aware of how the malware works helps organizations monitor their Windows and Linux servers for such malicious activity and take quick action.
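
One way to act on the monitoring advice above for the SSH brute-forcing path: an added example (not from the Black Lotus Labs analysis or the original article) that scans sshd authentication log lines for sources with many failed logins and for logins accepted after such a burst. The log lines are constructed, and the function name `analyze` and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 28 10:00:01 srv sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Sep 28 10:00:02 srv sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Sep 28 10:00:03 srv sshd[813]: Failed password for root from 203.0.113.7 port 40041 ssh2
Sep 28 10:00:04 srv sshd[814]: Failed password for invalid user pi from 203.0.113.7 port 40055 ssh2
Sep 28 10:00:05 srv sshd[815]: Failed password for root from 203.0.113.7 port 40060 ssh2
Sep 28 10:00:09 srv sshd[816]: Accepted password for root from 203.0.113.7 port 40071 ssh2
Sep 28 10:02:00 srv sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Sep 28 10:02:10 srv sshd[821]: Accepted password for alice from 198.51.100.4 port 51002 ssh2
Sep 28 10:05:00 srv sshd[830]: Accepted publickey for deploy from 192.0.2.50 port 52000 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=5):
    """Return (noisy_sources, suspect_logins) for one slice of an auth log.

    noisy_sources: {ip: failed_count} for sources at or above the threshold.
    suspect_logins: (ip, user, method) for logins accepted after the source
    had already reached the threshold, i.e. a guess that probably succeeded.
    """
    failures = defaultdict(int)
    suspect = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            suspect.append((ip, m["user"], m["method"]))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, suspect

if __name__ == "__main__":
    noisy, suspect = analyze(SAMPLE_LOG)
    print("sources over threshold:", noisy)
    print("logins accepted after brute forcing:", suspect)
```

A login made with a stolen SSH key produces no failed attempts, so this check covers only the brute-forcing path; counts are taken over the whole log slice supplied rather than a time window.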
