Security News > 2022 > September > New Chaos malware infects Windows, Linux devices for DDoS attacks

A quickly expanding botnet called Chaos is targeting and infecting Windows and Linux devices to use them for cryptomining and launching DDoS attacks.

Even though it mainly propagates by attacking devices unpatched against various security vulnerabilities and SSH brute-forcing, Chaos will also use stolen SSH keys to hijack more devices.

"Using Lumen global network visibility, Black Lotus Labs enumerated the C2s and targets of several distinct Chaos clusters, including a successful compromise of a GitLab server and a spate of recent DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries - as well as DDoS-as-a-service providers and a cryptocurrency exchange," the researchers said.

"While the botnet infrastructure today is comparatively smaller than some of the leading DDoS malware families, Chaos has demonstrated rapid growth in the last few months."

Chaos seems to be using building blocks and capabilities from another botnet known as Kaiji, a malware also capable of cryptomining, launching DDoS attacks, and establishing reverse shells on infected devices.

Black Lotus Labs says it has null-routed all Chaos C2 servers on Lumen's global backbone to block them from sending or receiving data from infected devices.

News URL

https://www.bleepingcomputer.com/news/security/new-chaos-malware-infects-windows-linux-devices-for-ddos-attacks/