
Never-before-seen malware has infected hundreds of Linux and Windows devices

ML_113

Member
Joined
Jan 15, 2022
Messages
67
Reaction score
35
Credits
451
Chaos

Small office routers? FreeBSD machines? Enterprise servers? Chaos infects them all.

Ars Technica
 


kc1di

Well-Known Member
Joined
May 14, 2021
Messages
1,292
Reaction score
1,084
Credits
9,279
I read that article this morning also. Thanks for sharing.
For those who want to read the whole article you can find it here.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,452
Reaction score
6,437
Credits
60,409
I'll dissect this a little... I am not doing anything better.

SSH infections using password brute-forcing and stolen keys also allow Chaos to spread from machine to machine inside an infected network.

If only people took the basic steps to prevent this.

First, it is designed to work across several architectures, including: ARM, Intel (i386), MIPS and PowerPC—in addition to both Windows and Linux operating systems.

See? We can have cross-platform software! Also, earlier in the article they mention FreeBSD. BSD !== Linux. Macs are in the BSD family.

"is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,"

Another idea... Recently, a company that rented out hacked computers to use as proxies went down. This upset a bunch of malcontents. From the looks of when it grew, that'd coincide nicely with the time frame.

A few of the targets included DDoS-as-a-service providers.

Heh... No honor among thieves. Or, maybe that's their way of advertising! (They don't do this for fun anymore, it's all about the money.)

The two most important things people can do to prevent Chaos infections are to keep all routers, servers, and other devices fully updated and to use strong passwords and FIDO2-based multifactor authentication whenever possible.

Those are things everyone should be trying to do. They're mostly not even difficult. My Linux-Tips site has 2FA enabled for those who wish to use it - and anyone higher than a subscriber is forced to use it. I'm just one guy.

Most router malware can't survive a reboot. Consider restarting your device every week or so.

Now this is new to me. See? I learned something. In hindsight, that should be something I'd have guessed. It's SoC and it should reset during boot. I did not think of that.

They then go on to suggest using a key for SSH which, again, is something everyone should be doing. Even I do this stuff and I'm just a dabbler.

Finally, it looks like your desktop computer isn't the target. Desktop users probably don't have all that much to worry about. That doesn't mean you're immune, it just means you're not the intended target.
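The two SSH points in the post above (password brute-forcing as the spread mechanism, and keys plus updates as the fix) can be checked on a host directly. The following is an added example, not code from the thread or from the Ars Technica article: it audits an sshd_config text for settings that leave password guessing open, and counts failed password logins per source address over auth.log style lines to surface brute-force attempts. The config text, the log lines, and the acceptable-value table are constructed for the example.

```python
"""Defender-side SSH checks: sshd_config audit and failed-login counting.

Added example for illustration; the sample config and log lines below are
constructed, not taken from any real host.
"""
import re
from collections import Counter

# Acceptable values per directive (assumed hardening baseline, not quoted
# from the article), and the OpenSSH defaults that apply when a directive is
# absent from the file.
ACCEPTABLE = {
    "passwordauthentication": {"no"},
    "permitrootlogin": {"no", "prohibit-password"},
    "pubkeyauthentication": {"yes"},
    "kbdinteractiveauthentication": {"no"},
}
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}


def audit_sshd_config(text):
    """Return [(directive, effective_value, acceptable_values)] for weak settings.

    Only the global section is read: directives after the first `Match` block
    apply conditionally and are skipped here. As sshd does, the first
    occurrence of a directive wins.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        found.setdefault(key, value)

    findings = []
    for key, ok_values in ACCEPTABLE.items():
        effective = found.get(key, DEFAULTS[key])
        if effective not in ok_values:
            findings.append((key, effective, sorted(ok_values)))
    return findings


# Matches the standard OpenSSH failure line, with or without "invalid user".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def brute_force_sources(log_lines, threshold=5):
    """Return {source_ip: failed_count} for sources at or above the threshold."""
    counts = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample: password auth left at its default (yes) because the
# only PasswordAuthentication line is commented out, and root login allowed.
SAMPLE_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
Match User backup
    PasswordAuthentication no
"""

# Constructed sample: six failures from one address (203.0.113.7 is a
# documentation range), one stray failure, one successful key login.
SAMPLE_AUTH_LOG = [
    f"Sep 28 10:01:0{i} host sshd[120{i}]: Failed password for root "
    f"from 203.0.113.7 port 5012{i} ssh2"
    for i in range(6)
] + [
    "Sep 28 10:01:09 host sshd[1208]: Accepted publickey for alice "
    "from 198.51.100.4 port 50201 ssh2: ED25519 SHA256:constructed",
    "Sep 28 10:01:10 host sshd[1209]: Failed password for invalid user test "
    "from 198.51.100.9 port 50300 ssh2",
]

if __name__ == "__main__":
    for key, got, ok in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"sshd_config: {key} is {got!r}, expected one of {ok}")
    for ip, n in brute_force_sources(SAMPLE_AUTH_LOG).items():
        print(f"auth.log: {n} failed password logins from {ip}")
```

On a real host the same functions can be fed the contents of `/etc/ssh/sshd_config` and the output of `journalctl -u ssh` or `/var/log/auth.log`; the commented-out `PasswordAuthentication` line in the sample is the usual way a host ends up accepting passwords while its owner believes it does not.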
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,835
Reaction score
6,659
Credits
29,046
Moving this to Linux Security.

Wizard
 
Joined
Nov 16, 2021
Messages
97
Reaction score
33
Credits
700
Does this affect HardenedBSD? Wonder if the fact that it is specifically developed to be secure means anything in this case.
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,835
Reaction score
6,659
Credits
29,046
@ML_113 - anything that does not directly include Linux you could put in Off Topic, please.

Thanks

Chris Turner
wizardfromoz
 