Another day, another never-before-seen malware – but this time, a standard malware removal tool won’t protect your computer against infection.
There’s a fair deal of concern over the abilities of a new cross-platform malware dubbed Chaos. It’s a rapidly spreading botnet used to take over both Windows and Linux devices for crypto mining and launching DDoS attacks.
Go-based malware has become more prominent during the last few years, but researchers are sitting up and taking particular note of the new, Go-based Chaos malware for two reasons:
● Firstly, Chaos can attack a very wide range of architectures (x86, x86-64, AMD64, MIPS, MIPS64, ARMv5-ARMv8, AArch64, and PowerPC). Additionally, both Windows and Linux operating systems are susceptible. Targets include large enterprise services, home Wi-Fi routers, small office routers – potentially, almost anything that connects to the internet.
● Secondly, Chaos malware doesn’t rely on the usual user-as-weakest-link to spread via spam and phishing. It self-propagates through known security weaknesses. It also has brute force capabilities, and it can steal and use SSH keys.
The Chaos botnet is spreading rapidly through devices and systems outside of enterprise security systems, and it’s coming for your router.
It seems to be sparing no one: Black Lotus Labs, the threat intelligence firm that identified and named the Chaos malware, has seen attacks on targets in media, gaming, financial services, and technology firms. In a somewhat ironic twist, Chaos has also attacked some DDoS-as-a-service providers and a cryptocurrency exchange service.
Enterprise-scale systems are relatively well prepared to fight off Chaos infections. That’s not the case for remote workers, home-based offices, IoT gadget fans, and regular home router owners who lack access to enterprise-level security tools, skills, or information.
Small businesses and home users can protect themselves with these steps:
● Fortunately, the vast majority of router malware can’t survive a reboot. Make a note to restart your router once a week, or more often if you can.
● Protect your router with a VPN. It guards the traffic that comes in and goes out of your private home/office network. An advanced, malware-detecting VPN is your first line of defense. At this moment, it’s also your only defense against Chaos malware.
● Install a reputable, preferably premium, anti-malware solution on all your Windows, Android, and even Linux devices. Windows/Android users have access to several top-of-the-range anti-malware solutions. Linux desktop users have access to ClamAV, and other, more sophisticated malware removal and anti-intrusion tools are available for Linux servers.
● Install security updates and patches the minute they are released.
● Disable root access on the devices that don’t need it.
● As a precaution, change the passwords on all your devices. Never allow a router or gadget to operate with a default or factory-set password.
● Use 2FA or FIDO2-based multi-factor authentication whenever possible.
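For the Linux side of the steps above (disabling root access, and resisting the brute forcing and SSH key theft that Chaos uses to spread), here is an added example, not part of the original article, that audits the text of an sshd_config file for root login and password authentication. The defaults table and the choice to treat only "no" as safe are assumptions of this example; Match blocks and Include files are not evaluated.

```python
# Added example: flag sshd_config settings that leave a Linux host open to
# SSH brute forcing or direct root login. Sample input is constructed.

# Values sshd uses when a keyword is absent (assumed: a recent OpenSSH release).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}

# Assumption of this example: only "no" counts as safe. "prohibit-password"
# still lets root log in with a key, and a stolen key would work there.
SAFE = {key: {"no"} for key in DEFAULTS}

def effective_settings(config_text):
    """Return the global value per keyword; sshd keeps the FIRST one it reads."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # tolerate keyword=value
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional; stop at the end of the global section
        if len(parts) > 1 and key in DEFAULTS and key not in seen:
            seen[key] = parts[1].strip('"').lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a sorted list of (keyword, value) pairs that weaken the host."""
    effective = effective_settings(config_text)
    return sorted((k, v) for k, v in effective.items() if v not in SAFE[k])

# Constructed sample: the second PermitRootLogin line is ignored by sshd,
# and the Match block does not change the global password setting.
SAMPLE = """\
# constructed sample, not from a real host
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for keyword, value in audit(SAMPLE):
        print(f"weak setting: {keyword} {value}")
```

Feeding it the output of sshd -T, which prints the effective configuration, also covers settings pulled in through Include.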
The increase in popularity of Go-based malware does not bode well for everyday internet users. Chaos is one of the first major multi-platform malware threats, but it won’t be the last.
Protect your router with a VPN: it’s the first stop between the internet and your computer and the only gateway between your IoT gadgets and malware threats.