Site icon TechNewsBoy.com

A new dangerous malware is turning Windows and Linux devices into DDoS tools

Cybersecurity researchers have discovered a new malware strain that infects Windows and Linux endpoints (opens in new tab) of all sizes and uses them for distributed denial of service (DDoS) attacks and cryptocurrency mining.

Experts from Lumen’s Black Lotus Labs say the malware is written in Chinese and uses China-based command & control (C2) infrastructure.

They called it Chaos, and say it is built on Go. It is able to infect all kinds of devices, from those running on x86 infrastructure, to certain ARM-based devices. In a nutshell, everything from home routers to enterprise servers is at risk. Apparently, Chaos is the next iteration of the Kaiji malware, another strain that was able to mine cryptocurrencies and launch DDoS attacks. 

Kaiji returns

“Based upon our analysis of the functions within the more than 100 samples we analyzed for this report, we assess Chaos is the next iteration of the Kaiji botnet,” they said. It expands by looking for known, unpatched vulnerabilities, as well as SSH brute-force attacks. 

What’s more, it can use stolen SSH keys to infect an even greater number of endpoints. 

Whoever the threat actors are, they’re not limiting themselves to a specific industry, though: “Using Lumen global network visibility, Black Lotus Labs enumerated the C2s and targets of several distinct Chaos clusters, including a successful compromise of a GitLab server and a spate of recent DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries – as well as DDoS-as-a-service providers and a cryptocurrency exchange,” the researchers said.

“While the botnet infrastructure today is comparatively smaller than some of the leading DDoS malware families, Chaos has demonstrated rapid growth in the last few months.”

When it comes to geographies, though, Chaos does seem to have a preference. Even though there are bots everywhere, from the Americas, to the Asia-Pacific region (APAC), most of its victims are based in Europe. 

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version