A new sophisticated malware, written in the Go programming language, has been identified by Black Lotus Labs, the threat intelligence team at Lumen Technologies. This malware, known as Chaos, has been found to target both Windows and Linux systems.
Black Lotus Labs discovered approximately 100 samples of Chaos, which appeared to be China-based because of its Chinese-language code and its command and control infrastructure. The malware offers a range of functionality, including the ability to gather information about the host environment, execute remote shell commands, load additional modules, propagate by stealing and brute-forcing Secure Shell (SSH) private keys, and launch Distributed Denial of Service (DDoS) attacks.
Mark Dehus, the director of threat intelligence at Black Lotus Labs, expressed concern about the rapid growth of Chaos, stating that it had quadrupled in size in just two months. The company reported instances of Chaos successfully compromising a GitLab server and conducting DDoS attacks against various industries, including gaming, financial services, technology, media, and entertainment.
Dehus emphasized the importance of organizations enhancing their security measures by implementing services like DDoS mitigation. He advised network administrators to regularly patch systems and monitor for signs of infection using the indicators of compromise (IoCs) provided in the Black Lotus Labs report. Additionally, he recommended that consumers and remote workers enable automatic software updates, change passwords regularly, and reboot devices.
Malware written in Go has been a growing trend, attributed to the language's flexibility, low antivirus detection rates, and the challenge of reverse-engineering software developed in it. While research teams from Securonix Threat and Trend Micro have also observed this trend, there are indications that some threat actors, such as BlackCat, are transitioning to Rust.
In conclusion, the threat posed by Chaos underscores the importance of maintaining robust cybersecurity practices. By staying vigilant, updating systems regularly, and leveraging security tools, organizations and individuals can mitigate the risks associated with advanced malware attacks.