Researchers at Black Lotus Labs, security firm Lumen Technologies’ research unit, have identified a novel cross-platform malware. Dubbed Chaos by researchers, this malware has infected numerous Windows and Linux devices, including enterprise servers, FreeBSD boxes, and small office routers.
Researchers Discovered ‘Chaos’
Lumen’s researchers have dubbed the malware Chaos because this word repeatedly appears in file names, function names, and certificates that the malware uses. The malware is written in Chinese and uses a China-based command and control infrastructure.
The malware was first detected on 16 April after its first control servers cluster went live in the wild. Between June and mid-July, hundreds of unique IP addresses were detected that represented devices infected with Chaos.
In recent months, the infection rate has intensified, with the number of compromised devices increasing from 39 in May to 93 in August and 111 in September. The researchers analyzed around 100 samples of Chaos malware.
Chaos: a Multifunctional Malware
Black Lotus Labs researchers wrote that Chaos is a Go-based, multifunctional malware that targets devices based on multiple platforms such as Windows and Linux.
In their report, researchers noted that the malware’s potency stems from several factors, such as its capability to run across multiple architectures, including MIPS, ARM, PowerPC, and Intel (i386), in addition to its support for both Windows and Linux. This malware supports 70 different commands.
“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute forcing SSH private
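The report lists SSH brute forcing as one of the ways Chaos spreads between hosts. As an added example that is not part of the article or of Lumen’s research, the script below shows the kind of detection a defender can run over sshd authentication logs: it parses `Failed`/`Accepted` login lines, flags any source address that produces a burst of failures inside a sliding time window, and then reports any login that was accepted from an address already flagged (the case that warrants immediate triage). The log lines, hostnames, IP addresses, usernames and thresholds are all constructed for illustration; the threshold and window are tuning assumptions, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (synthetic; not taken from the article or any real host).
SAMPLE_AUTH_LOG = """\
Sep 20 10:01:03 host1 sshd[2101]: Failed password for root from 198.51.100.7 port 41022 ssh2
Sep 20 10:01:05 host1 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2
Sep 20 10:01:06 host1 sshd[2105]: Failed password for root from 198.51.100.7 port 41041 ssh2
Sep 20 10:01:08 host1 sshd[2107]: Failed password for root from 198.51.100.7 port 41055 ssh2
Sep 20 10:01:09 host1 sshd[2109]: Failed password for invalid user pi from 198.51.100.7 port 41060 ssh2
Sep 20 10:01:11 host1 sshd[2111]: Accepted publickey for deploy from 198.51.100.7 port 41071 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Sep 20 10:05:30 host1 sshd[2140]: Failed password for alice from 203.0.113.9 port 50001 ssh2
Sep 20 10:30:00 host1 sshd[2200]: Accepted password for alice from 203.0.113.9 port 50002 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2022):
    """Parse one sshd line into a dict, or return None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the caller supplies it (assumption for the sample).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak_failures} for sources with >= threshold failures inside any sliding window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            failures[ev["ip"]].append(ev["ts"])

    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def find_success_after_failures(log_text, flagged):
    """Accepted logins from an address that was already brute forcing: the events to triage first."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "Accepted" and ev["ip"] in flagged:
            hits.append((ev["ip"], ev["user"], ev["method"]))
    return hits


if __name__ == "__main__":
    flagged = find_bruteforce_sources(SAMPLE_AUTH_LOG)
    for ip, count in flagged.items():
        print(f"brute-force candidate: {ip} ({count} failures within window)")
    for ip, user, method in find_success_after_failures(SAMPLE_AUTH_LOG, flagged):
        print(f"ALERT: {ip} later authenticated as {user} via {method}")
```

On the constructed sample, 198.51.100.7 is flagged (five failures in six seconds) and its subsequent public-key login as `deploy` is raised as an alert, while the single failure from 203.0.113.9 followed by a normal login is left alone. In production the same logic would read from `/var/log/auth.log` or the journal rather than an inline string, and the window and threshold should be tuned against the host’s baseline so that legitimate users mistyping a password do not page anyone.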