New Kaiji Modular Malware Variant "Chaos" Targets Europe

Read Time:1 Minute, 48 Second

FortiGuard Labs is aware of a new variant of modular malware “Kaiji” targeting Windows and Linux machines and devices belonging to both consumers and enterprises in Europe. Dubbed “Chaos”, the malware connects to command and control (C2) servers and performs various activities including launching Distributed Denial of Service (DDoS) attacks and mining crypto currencies.Why is this Significant?This is significant because the Chaos malware targets both consumers and enterprises in Europe by exploiting various vulnerabilities. Infected machines will join a botnet which are then used for malicious activities such as DDoS attacks and cryptocurrency mining.What is Chaos Malware?Chaos is a Go-based modular malware for Windows and Linux and is allegedly an updated version of Kaiji malware. Chaos malware connects to C2 servers and receives remote commands as well as modules for additional functionality. According to security vendor Black Lotus Labs, Chaos is primarily used for DDoS attacks and cryptocurrency mining. It is also designed to spread to other systems through SSH and exploitation of various vulnerabilities.It is important to note that ransomware with a similar name exists (Chaos ransomware), but they are completely unrelated.What Vulnerabilities Does Chaos Exploit for Propagation?The following vulnerabilities were exploited by Chaos malware according to Black Lotus Labs:Command Execution vulnerability in Huawei HG532 Router (CVE-2017-17215)Command Injection Vulnerability in Zyxel firewalls (CVE-2022-30525)Note – that since Chaos is a modular malware and receives remote commands, it may exploit other vulnerabilities including Authentication Bypass Vulnerability in F5 BIG-IP (CVE-2022-1388).Have Vendors Released Patches for CVE-2017-17215, CVE-2022-30525 and CVE-2022-1388?Patches are available for CVE-2022-30525 and CVE-2022-1388. We are currently unaware of any vendor supplied patches for CVE-2017-17215.What is the Status of Protection?FortiGuard Labs will detect Chaos DDoS malware with the following AV signatures:Linux/Kaiji.C!trW32/Ransom_Foreign.R002C0WG222W32/PossibleThreatFortiGuard Labs provides the following IPS signatures for the vulnerabilities exploited by Chaos malware:Huawei.HG532.Remote.Code.Execution (CVE-2017-17215)ZyXEL.Firewall.ZTP.Command.Injection (CVE-2022-30525)F5.BIG-IP.iControl.REST.Authentication.Bypass (CVE-2022-1388)

Cryptomining Malware Found in Popular Open Source Packages

Interpol Identifies Over 140 Human Traffickers in New Initiative

ICO Warns of Mobile Phone Festive Privacy Snafu

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

New Kaiji Modular Malware Variant “Chaos” Targets Europe

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

USN-7179-1: Linux kernel vulnerabilities

USN-7173-2: Linux kernel vulnerabilities

swiftlint-0.57.1-1.fc42

USN-7166-3: Linux kernel (HWE) vulnerabilities

USN-7159-4: Linux kernel (IoT) vulnerabilities