European entities are concerned about a new threat from the Chaos malware, a Go-based ransomware strain built for Windows and Linux. The malware also targets a range of consumer devices, home and office routers, and enterprise servers.
Earlier research suggests that Chaos evolved from the Kaiji DDoS malware. In this latest variant, researchers noted that it can automatically exploit known vulnerabilities in targeted devices and let its operators scan the targeted systems. It can also propagate laterally within a compromised environment to stage DDoS and crypto-mining attacks.
Having observed the malware's rapid growth over a matter of months, researchers noted that it poses a major threat to consumer and enterprise devices across Europe, since it targets known security flaws that remain unpatched on the host.
Hundreds of Chaos malware clusters heavily concentrated in Europe were found from June to mid-July this year.
Security analysis of Chaos showed that hundreds of its clusters, written in Chinese, were discovered between June and mid-July this year, and that it kept expanding across Europe throughout August and September. There are also signs of Chaos spreading in North and South America and the Asia-Pacific region.
Monitoring of the malware also revealed that, during the first few weeks of this month, it issued multiple DDoS commands targeting the domains and IP addresses of organisations in several industries, including gaming, media, tech, and finance.
The Chaos malware has not yet been attributed to any cybercriminal group or other malicious entity. Still, experts believe its operators are deliberately building up a pool of compromised devices for initial access, DDoS, and crypto-mining attacks.
Its operators have also enumerated known vulnerabilities for the malware to target, and at least one of its bots received 70 different commands from the operators within a few days. Two vulnerabilities that Chaos has been seen targeting are CVE-2017-17215 and CVE-2022-30525.
This development suggests that threats across the cybercriminal landscape will keep spreading. Users and organisations are advised to stay alert to the risks these malware strains pose to their safety.