Black Lotus Labs, the research arm of the security company Lumen, has discovered never-before-seen malware that affects Windows and Linux systems.
Nicknamed Chaos, the malware is designed to carry out several kinds of cyberattacks from compromised Windows and Linux hosts, using them for cryptocurrency mining and for launching DDoS attacks.
Written in Go, it can also infect devices built on a wide range of architectures, including x86, x86-64 (AMD64), MIPS, MIPS64, ARMv5 through ARMv8, AArch64 and PowerPC. In practice that covers everything from small-office routers and FreeBSD boxes to large enterprise servers.
It was first spotted on April 16. Between June and mid-July, the researchers observed hundreds of unique IP addresses belonging to devices infected with Chaos.
The malware, which is believed to be of Chinese origin, has been used in DDoS attacks against organizations in gaming, financial services, technology, media and entertainment, and against cryptocurrency exchanges.
“Given the suitability of Chaos malware to operate across a range of devices, its multipurpose functionality, and the stealth profile of the network behind it, this activity is the work of a cybercriminal who is cultivating a network of infected devices to take advantage of for initial access, DDoS attacks and cryptocurrency mining,” two of its researchers explain.
Chaos Malware: Rapid Growth and How to Defend Against It
The main concern is how quickly Chaos has grown in recent months. The number of command-and-control servers used to infect new devices rose from 39 in May to 93 in August, and as of last Tuesday it stood at 111.
The infected IP addresses show that Chaos infections are concentrated mostly in Europe, with smaller clusters in North and South America and the Asia-Pacific region. The notable exceptions are Australia and New Zealand, where no Chaos bots have been detected so far. Technical details of the malware are available in a Lumen blog post.
Because Chaos targets devices that are rarely monitored and left unpatched, regularly reviewing those devices goes a long way toward thwarting it. Above all, the Black Lotus Labs researchers advise a proper, routine patch management process, since the malware spreads by exploiting known vulnerabilities.
To avoid this malware and improve security more generally, they also advise rebooting enterprise routers every week, since most router malware does not survive a reboot. Note that a reboot only clears an infection that lives in memory; it does not close the vulnerability or weak credential that let the malware in, so an unpatched device can simply be reinfected. For the same reason, it is recommended that you change the default passwords these devices ship with.