I'll dissect this a little... I am not doing anything better.
SSH infections using password brute-forcing and stolen keys also allow Chaos to spread from machine to machine inside an infected network.
If only people took the basic steps to prevent this.
First, it is designed to work across several architectures, including: ARM, Intel (i386), MIPS and PowerPC—in addition to both Windows and Linux operating systems.
See? We can have cross-platform software! Also, earlier in the article they mention FreeBSD. BSD !== Linux. Mac's are in the BSD family.
"is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,"
Another idea... Recently, a company that rented out hacked computers to use as proxies went down. This upset a bunch of malcontents. From the looks of when it grew, that'd coincide nicely with the time frame.
A few of the targets included DDoS-as-a-service providers.
Heh... No honor among thieves. Or, maybe that's their way of advertising! (They don't do this for fun anymore, it's all about the money.)
The two most important things people can do to prevent Chaos infections are to keep all routers, servers, and other devices fully updated and to use strong passwords and FIDO2-based multifactor authentication whenever possible.
Those are things everyone should be trying to do. They're mostly not even difficult. My Linux-Tips site has 2FA enabled for those who wish to use it - and anyone higher than a subscriber is forced to use it. I'm just one guy.
Most router malware can't survive a reboot. Consider restarting your device every week or so.
Now this is new to me. See? I learned something. In hindsight, that should be something I'd have guessed. It's SoC and it should reset during boot. I did not think of that.
They then go on to suggest using a key for SSH which, again, is something everyone should be doing. Even I do this stuff and I'm just a dabbler.
Finally, it looks like your desktop computer isn't the target. Desktop users probably don't have all that much to worry about. That doesn't mean you're immune, it just means you're not the intended target.