• We had to restore from a backup today after a failed software update. Backup was from 0000 EDT and restored it at 0800 EDT so we lost about 8hrs. Today is 07/20/2024. More info here.

Never-before-seen malware has infected hundreds of Linux and Windows devices

ML_113

Active Member
Joined
Jan 15, 2022
Messages
339
Reaction score
173
Credits
2,193
Chaos

Small office routers? FreeBSD machines? Enterprise servers? Chaos infects them all.

Ars Technica
 


I read that article this morning also Thanks for sharing.
For those who want to read the whole article you can find it here.
 
I'll dissect this a little... I am not doing anything better.

SSH infections using password brute-forcing and stolen keys also allow Chaos to spread from machine to machine inside an infected network.

If only people took the basic steps to prevent this.

First, it is designed to work across several architectures, including: ARM, Intel (i386), MIPS and PowerPC—in addition to both Windows and Linux operating systems.

See? We can have cross-platform software! Also, earlier in the article they mention FreeBSD. BSD !== Linux. Mac's are in the BSD family.

"is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,"

Another idea... Recently, a company that rented out hacked computers to use as proxies went down. This upset a bunch of malcontents. From the looks of when it grew, that'd coincide nicely with the time frame.

A few of the targets included DDoS-as-a-service providers.

Heh... No honor among thieves. Or, maybe that's their way of advertising! (They don't do this for fun anymore, it's all about the money.)

The two most important things people can do to prevent Chaos infections are to keep all routers, servers, and other devices fully updated and to use strong passwords and FIDO2-based multifactor authentication whenever possible.

Those are things everyone should be trying to do. They're mostly not even difficult. My Linux-Tips site has 2FA enabled for those who wish to use it - and anyone higher than a subscriber is forced to use it. I'm just one guy.

Most router malware can't survive a reboot. Consider restarting your device every week or so.

Now this is new to me. See? I learned something. In hindsight, that should be something I'd have guessed. It's SoC and it should reset during boot. I did not think of that.

They then go on to suggest using a key for SSH which, again, is something everyone should be doing. Even I do this stuff and I'm just a dabbler.

Finally, it looks like your desktop computer isn't the target. Desktop users probably don't have all that much to worry about. That doesn't mean you're immune, it just means you're not the intended target.
 
I wonder if IT departments use Qubes on a regular basis?
 
Moving this to LInux Security.

Wizard
 
does this affect hardened bsd? wonder if the fact that it is specifically developed to be secure means anything in this case
 
@ML_113 - anything that does not directly include Linux you could put in Off Topic, please.

Thanks

Chris Turner
wizardfromoz
 

Members online


Latest posts

Top