Cross-platform Chaos malware
A new Botnet is taking hold of Windows and Linux devices alike, using them to start DDoS (Distributed Denial of Service) attacks. Chaos, a Go-based malware, can infect various architectures like x86, AMD64, ARMv5 and many more. With such a wide spectrum, it does not just target high value devices, it also targets smaller ones. The malware mainly focuses on unpatched devices, but also tries to hijack other devices with brute forcing or stolen SSH keys. After infecting one, it creates a backdoor for itself to be able to communicate with their C2-Server (Command and Control).
Researchers from the Black Lotus Labs were able to identify targets of the Chaos clusters. They cover a broad range targeting gaming to financial services, media and entertainment industry as well as their competitors, DDoS-as-a-service providers.
Interested in knowing more about Chaos? Here three interesting sources:
- Chaos is a Go-based Swiss army knife of malware (blog.lumen.com)
- New Chaos malware infects Windows, Linux devices for DDoS attacks (bleepingcomputer.com)
- Chaos IoT malware taps Go language to harvest Windows, Linux for DDoS attacks (zdnet.com)
Patch of the week
WhatsApp has fixed two remote code execution vulnerabilities for WhatsApp for Android and its Business version prior to v126.96.36.199 and WhatsApp for iOS and its Business prior to v188.8.131.52.
- The first vulnerability CVE-2022-36934 (CVS 9,8) allowed the attackers to achieve remote code execution during a video call.
- The second vulnerability CVE-2022-27492 (CVS 7,8) caused remote code execution when receiving a crafted video file.
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.