Numerous devices targeted by novel Chaos malware

Windows and Linux devices, as well as enterprise servers and small office/home office routers are being targeted to be absorbed in the botnet of the new Go-based Chaos malware, according to The Hacker News. Hundreds of unique IP addresses corresponding to Chaos bots were observed from mid-June to mid-July, most of which were in Europe, particularly in Italy, although some infections were also found in the U.S. and China, a report from Lumen's Black Lotus Labs. Aside from enabling host environment enumeration and remote shell command execution, Chaos also facilitates additional module loading, automated spread through SSH private key theft and brute-forcing, and distributed denial-of-service attack deployment. The report also showed that up to 70 different commands could be executed by Chaos, including vulnerabilities, tracked as CVE-2017-17215 and CVE-2022-30525. "We are seeing a complex malware that has quadrupled in size in just two months, and it is well-positioned to continue accelerating. Chaos poses a threat to a variety of consumer and enterprise devices and hosts," said Black Lotus Labs Director of Threat Intelligence Mark Dehus.