Security researchers have detected multi-purpose malware, written in the Go programming language, that infects both Windows and Linux-based devices.
After analysing nearly 100 samples of the malware, dubbed ‘Chaos’, Black Lotus Labs, the threat intelligence team of Lumen Technologies, concluded that its stealthy design and its ability to infect multiple platforms point to a skilled operator. Writing the malware in Go makes it portable across platforms, harder to reverse engineer, and better at evading antivirus detection.
Reports link Chaos to China because the malware’s strings are written in Chinese. In one sample examined by the researchers, an unrecognised host environment was labelled “windwos 未知” (未知 meaning ‘unknown’, with ‘windows’ misspelled).
Chaos has been used to attack systems belonging to large organizations and enterprises as well as individual devices. Once running, it can fingerprint the host environment, execute remote shell commands, load additional modules, steal data, propagate to other systems, and launch DDoS attacks.
DDoS attacks using Chaos
In September this year, multiple DDoS attacks hit more than two dozen organizations in sectors including finance, gaming, and media and entertainment. Chaos activity surged over a matter of days; in one instance, more than 12,000 IP addresses were sending traffic to a single service provider on top of its normal load.
Researchers also found that some of the Chaos server IP addresses did not present valid, CA-issued certificates; instead they used self-signed certificates carrying the name ‘Chaos’. The count of such certificates grew through the year: 15 in April, 39 in May, 93 in August and 111 in September.
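A self-signed certificate that names the malware is an unusually cheap hunting pivot. The following Go program is an added example, not code from the page or from Black Lotus Labs: it builds three constructed certificates (a self-signed one named "Chaos", a self-signed benign one, and a CA-issued one named "Chaos") and applies the heuristic "self-signed and naming Chaos in the subject or issuer". Where exactly the string appeared in the real certificates is not stated above, so checking both distinguished names is this example's assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// newKey generates a throwaway P-256 key for the constructed certificates.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// signCert issues a certificate from tmpl signed by parent's key; when
// parent == tmpl the result is self-signed (Go copies parent.Subject into Issuer).
func signCert(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func leafTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// Constructed certificates (example data, not real observed certificates).
func selfSignedChaosCert() *x509.Certificate {
	k, t := newKey(), leafTemplate("Chaos", 1)
	return signCert(t, t, &k.PublicKey, k)
}

func selfSignedBenignCert() *x509.Certificate {
	k, t := newKey(), leafTemplate("example.com", 2)
	return signCert(t, t, &k.PublicKey, k)
}

func caIssuedChaosCert() *x509.Certificate {
	caKey, leafKey := newKey(), newKey()
	caTmpl := leafTemplate("Example Root CA", 3)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid = true, true
	caTmpl.KeyUsage = x509.KeyUsageCertSign
	ca := signCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	return signCert(leafTemplate("Chaos", 4), ca, &leafKey.PublicKey, caKey)
}

// isSelfSigned requires issuer == subject and that the certificate's own key
// verifies its signature. CheckSignature is used instead of CheckSignatureFrom
// because the latter rejects non-CA parents, and a self-signed C2 certificate
// rarely asserts the CA flag.
func isSelfSigned(c *x509.Certificate) bool {
	return c.Issuer.String() == c.Subject.String() &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// suspiciousCertificate is the hunting heuristic: self-signed and naming
// "Chaos" in subject or issuer (both DNs checked as an assumption).
func suspiciousCertificate(c *x509.Certificate) (bool, string) {
	if !isSelfSigned(c) {
		return false, "not self-signed"
	}
	dn := strings.ToLower(c.Subject.String() + " " + c.Issuer.String())
	if strings.Contains(dn, "chaos") {
		return true, "self-signed certificate naming Chaos"
	}
	return false, "self-signed, but no Chaos in subject/issuer"
}

func main() {
	for _, c := range []*x509.Certificate{selfSignedChaosCert(), selfSignedBenignCert(), caIssuedChaosCert()} {
		hit, why := suspiciousCertificate(c)
		fmt.Printf("subject=%q issuer=%q suspicious=%v (%s)\n", c.Subject.CommonName, c.Issuer.CommonName, hit, why)
	}
}
```

Only the first certificate is flagged: the benign self-signed one lacks the name, and the CA-issued one fails the self-signed test even though its subject says "Chaos". In practice the same check would be run over certificates harvested from TLS scans or from a passive-TLS feed, with the name match kept as a weak indicator that drives follow-up rather than an automatic block.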
Experts also see a connection between Chaos and the ‘Kaiji’ botnet, with Chaos having the improved capabilities. Kaiji, discovered in 2020, targeted Linux servers on x86-64 (AMD64) and i386 hardware and spread by brute-forcing SSH (Secure Shell) logins.
SSH brute forcing tries candidate usernames and passwords by trial and error until a login succeeds. Botnets built this way are then used to run DDoS attacks, steal data and gain access to further devices, among other cybercrimes.
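The SSH brute forcing described for Kaiji, and the self-propagation attributed to Chaos above, leave a recognisable trace on the victim: a burst of failed logins from one source, sometimes followed by an accepted login from the same source. The following Go program is an added example, not code from the page or from either malware family: it parses constructed sshd syslog lines, flags any source with at least a threshold of failures inside a time window, records the usernames tried, and notes whether a later successful login came from that source. The threshold, window and log lines are this example's assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Constructed sshd log lines (not from any real incident). 203.0.113.5 fails six
// times in 16 seconds and then logs in as root; 198.51.100.7 is one legitimate
// login; 192.0.2.9 is a single isolated failure.
var sampleAuthLog = []string{
	"Sep 12 10:01:02 edge sshd[4011]: Failed password for root from 203.0.113.5 port 51234 ssh2",
	"Sep 12 10:01:05 edge sshd[4013]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
	"Sep 12 10:01:07 edge sshd[4015]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2",
	"Sep 12 10:01:09 edge sshd[4017]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2",
	"Sep 12 10:01:11 edge sshd[4019]: Failed password for root from 203.0.113.5 port 51244 ssh2",
	"Sep 12 10:01:14 edge sshd[4021]: Failed password for invalid user test from 203.0.113.5 port 51248 ssh2",
	"Sep 12 10:01:18 edge sshd[4023]: Failed password for root from 203.0.113.5 port 51252 ssh2",
	"Sep 12 10:01:22 edge sshd[4025]: Accepted password for root from 203.0.113.5 port 51260 ssh2",
	"Sep 12 10:30:00 edge sshd[4101]: Failed password for root from 192.0.2.9 port 60000 ssh2",
}

// authLine matches the sshd "Failed/Accepted password|publickey for [invalid user] U from IP port N" format.
var authLine = regexp.MustCompile(`^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+`)

type authEvent struct {
	at   time.Time
	ok   bool
	user string
	src  string
}

// Finding is one flagged source IP.
type Finding struct {
	Source    string
	Failures  int
	Users     []string // distinct usernames tried, sorted
	Succeeded bool     // an accepted login from this source followed the burst
}

// detectSSHBruteForce flags a source that produced at least threshold failed
// logins within window and reports whether a later login from it succeeded.
func detectSSHBruteForce(lines []string, threshold int, window time.Duration) []Finding {
	bySrc := map[string][]authEvent{}
	for _, l := range lines {
		m := authLine.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		// Syslog timestamps carry no year; only differences matter here, so year 0 is fine.
		ts, err := time.Parse("Jan _2 15:04:05", m[1])
		if err != nil {
			continue
		}
		ev := authEvent{at: ts, ok: m[2] == "Accepted", user: m[3], src: m[4]}
		bySrc[ev.src] = append(bySrc[ev.src], ev)
	}
	var findings []Finding
	for src, evs := range bySrc {
		sort.Slice(evs, func(i, j int) bool { return evs[i].at.Before(evs[j].at) })
		var fails []time.Time
		users := map[string]bool{}
		for _, e := range evs {
			if !e.ok {
				fails = append(fails, e.at)
				users[e.user] = true
			}
		}
		// Does any run of `threshold` consecutive failures fit inside the window?
		burstStart, flagged := time.Time{}, false
		for i := 0; i+threshold <= len(fails); i++ {
			if fails[i+threshold-1].Sub(fails[i]) <= window {
				burstStart, flagged = fails[i], true
				break
			}
		}
		if !flagged {
			continue
		}
		f := Finding{Source: src, Failures: len(fails)}
		for u := range users {
			f.Users = append(f.Users, u)
		}
		sort.Strings(f.Users)
		for _, e := range evs {
			if e.ok && e.at.After(burstStart) {
				f.Succeeded = true // brute force likely succeeded: escalate
			}
		}
		findings = append(findings, f)
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Source < findings[j].Source })
	return findings
}

func main() {
	for _, f := range detectSSHBruteForce(sampleAuthLog, 5, time.Minute) {
		fmt.Printf("%s: %d failures, users tried %v, later success=%v\n", f.Source, f.Failures, f.Users, f.Succeeded)
	}
}
```

With a threshold of five failures per minute the program reports only 203.0.113.5, with four distinct usernames tried and a subsequent successful root login, which is the case to treat as a probable compromise rather than mere noise. The single failure from 192.0.2.9 stays below the threshold, and raising the threshold to seven clears the alert entirely, which is why the window and threshold should be tuned against a host's normal failure rate.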