- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
- Why I recommend this Android phone for kids over a cheap Samsung or Motorola model
Chaos RAT Used to Enhance Linux Cryptomining Attacks
The Chaos remote administrative tool (RAT) has been used to improve the efficiency of cryptocurrency mining attacks against Linux systems.
The findings from Trend Micro security researchers were detailed in an advisory published on Sunday.
“We’ve previously written about cryptojacking scenarios involving Linux machines and specific cloud computing instances being targeted by threat actors active in this space, such as TeamTNT,” the security experts wrote.
During their investigative efforts, Trend Micro said they found that the attacker tactics were similar, even if they involved different threat actors.
“The initial phase saw attackers trying to kill off competing malware, security products, and other cloud middleware. This was followed by routines for persistence and payload execution, which in most cases is a Monero (XMR) cryptocurrency miner,” reads the technical write-up.
For more sophisticated threats, Trend Micro said they have also observed capabilities that allowed infection on more devices.
“In November 2022, we intercepted a threat that had a slightly different routine and incorporated an advanced RAT named Chaos […] which is based on an open-source project.”
In the newly observed attacks, the main downloader script and further payloads were hosted in different locations to ensure that the campaign remained active and kept on spreading.
During this malicious campaign, the scripts spotted by Trend Micro showed that the main server, which was also used for downloading payloads, appeared to be located in Russia.
From a technical standpoint, the Chaos RAT is a Go-compiled binary with several functions, including executing reverse shells, downloading and uploading files, and taking screenshots, among others.
“On the surface, the incorporation of a RAT into the infection routine of a cryptocurrency mining malware might seem relatively minor,” Trend Micro wrote.
“However, given the tool’s array of functions and the fact that this evolution shows that cloud-based threat actors are still evolving their campaigns, it is important that both organizations and individuals stay extra vigilant when it comes to security.”
The Trend Micro advisory comes roughly two months after decentralized finance (DeFi) platform Moola Market confirmed it suffered a security incident leading to a loss of up to $9m worth of cryptocurrency.