A New Go Malware Threat Emerges: Chaos Targeting Windows and Linux Systems
A new multifunctional malware written in the Go programming language has been discovered, posing a threat to both Windows and Linux systems. The threat intelligence team at Lumen Technologies, Black Lotus Labs, recently identified this new malware and issued an advisory to raise awareness about its capabilities.
Key Points:
- Roughly 100 samples of the malware, named Chaos by the threat actor, have been found, and it is believed to have origins in China based on its command-and-control infrastructure.
- Chaos offers various features, including host environment enumeration, remote shell command execution, loading additional modules, propagation through SSH key theft and brute forcing, and launching DDoS attacks.
- Recent attacks by Chaos have targeted industries such as gaming, financial services, technology, media, entertainment, DDoS-as-a-service providers, and a cryptocurrency exchange.
- Organizations are advised to enhance their security measures by deploying DDoS mitigation services, patching systems regularly, and monitoring for indicators of compromise outlined in the Black Lotus Labs report.
- Consumers and remote workers should prioritize automatic software updates, password changes, and regular hardware reboots to safeguard against potential threats.
Mark Dehus, Director of Threat Intelligence at Black Lotus Labs, emphasized the increasing trend of malware written in Go due to its flexibility, low antivirus detection rates, and the difficulty of reverse-engineering it. While Go has been a popular choice for malware authors, some actors are now shifting towards Rust, as seen with BlackCat and reported by other cybersecurity research teams.
As the threat landscape continues to evolve, it is essential for individuals and organizations to stay vigilant against emerging threats like Chaos. By adopting proactive security measures and staying informed about the latest cybersecurity trends, we can better defend against malicious activities targeting our systems and data.