New Chaos malware infects Windows, Linux devices for DDoS attacks
Security News, September 2022

A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks.
Although it mainly propagates by exploiting unpatched security vulnerabilities and brute-forcing SSH credentials, Chaos also uses stolen SSH keys to hijack more devices.
"Using Lumen global network visibility, Black Lotus Labs enumerated the C2s and targets of several distinct Chaos clusters, including a successful compromise of a GitLab server and a spate of recent DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries - as well as DDoS-as-a-service providers and a cryptocurrency exchange," the researchers said.
"While the botnet infrastructure today is comparatively smaller than some of the leading DDoS malware families, Chaos has demonstrated rapid growth in the last few months."
Chaos seems to be using building blocks and capabilities from another botnet known as Kaiji, a malware also capable of cryptomining, launching DDoS attacks, and establishing reverse shells on infected devices.
Black Lotus Labs says it has null-routed all Chaos C2 servers on Lumen's global backbone to block them from sending or receiving data from infected devices.