It’s been a tough year for the cybersecurity world. We’ve seen some of the biggest data breaches in history, new and improved strains of malware, and an overall increase in cybercrime. In the midst of all this chaos, one strain stands out above the rest: a Kaiji malware derivative that cybersecurity experts are sounding the alarm about, called ‘Chaos’.
The malware is developed in Chinese and uses command and control (C2) infrastructure based in China. It is capable of infecting a wide range of devices, including those running on x86 architectures and some ARM-based systems.
To summarise, anything from routers to database servers seems to be vulnerable. Chaos appears to be the next edition of the Kaiji ransomware, another strain capable of mining cryptocurrency and launching DDoS attacks. Here’s what you need to know about the Chaos malware.
Table of Contents
- How Does the Chaos Malware Work?
- What Devices Are at Risk?
- How to Protect Yourself from Chaos Malware
- The Kaiji malware
How Does the Chaos Malware Work?
Chaos ransomware is malicious software that encrypts files to prevent users from accessing them and generates a ransom demand message (for example, as a text file).
Chaos is an improved version of RYUK, another ransomware variant. This version replaces each encrypted file’s extension with a string of random characters. Chaos places a ransom note (the “read it.txt” text file) in every folder that contains encrypted files.
Most ransomware-generated ransom notes include contact and payment information such as an email address, the cost of a decryption tool, a Bitcoin (or other cryptocurrency) wallet address, and so on.
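The two on-disk traces described above (a “read it.txt” note dropped in each affected folder, and files renamed to random-looking extensions) are something a defender can sweep for. The following added example is not code from the page or from any vendor; it walks a directory tree and reports folders holding the note or renamed files. The four-character random-extension heuristic and the sample tree it builds are constructed assumptions for illustration.

```python
import os
import re
import tempfile

# Ransom-note filename exactly as the page describes it.
RANSOM_NOTE = "read it.txt"
# Heuristic (an assumption, not from the page): an extension of exactly four
# letters/digits that is not a familiar document or media extension.
RANDOM_EXT = re.compile(r"^\.[a-z0-9]{4}$")
FAMILIAR = {".docx", ".xlsx", ".jpeg", ".json", ".html", ".yaml", ".toml"}


def suspicious_extension(name):
    """True when a filename carries a random-looking, unfamiliar extension."""
    ext = os.path.splitext(name)[1].lower()
    return bool(RANDOM_EXT.match(ext)) and ext not in FAMILIAR


def scan_tree(root):
    """Walk root; report each directory holding a ransom note or renamed files."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        note = RANSOM_NOTE in files
        renamed = sum(1 for f in files if suspicious_extension(f))
        if note or renamed:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"ransom_note": note, "renamed_files": renamed}
    return findings


def demo():
    """Constructed sample tree: one affected folder, one clean folder."""
    root = tempfile.mkdtemp()
    hit = os.path.join(root, "docs")
    clean = os.path.join(root, "photos")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.a7q2", "budget.zx19", RANSOM_NOTE):
        open(os.path.join(hit, name), "w").close()
    for name in ("cat.jpeg", "notes.txt"):
        open(os.path.join(clean, name), "w").close()
    return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

Run it on a real share by calling scan_tree with the mount path; the note check is exact, so adjust RANSOM_NOTE if a variant uses a different filename.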
The Chaos malware is a cryptocurrency miner that uses victims’ resources to mine various cryptocurrencies. The malware is also capable of launching DDoS attacks. The experts at Lumen’s Black Lotus Labs say that the malware is written in Go, with a focus on cross-platform compatibility. This means that the malware can infect devices running on different types of architecture, including x86 and ARM-based devices.
The malware communicates with its C2 server using the HTTP protocol. Once it has infected a device, it will attempt to disable security features and then start mining for cryptocurrency. The sophistication of the malware lies in its ability to maintain a low profile on infected devices. For example, it will throttle its CPU usage so as not to raise any red flags with users or administrators.
But what makes Chaos truly unique is its ability to spread itself through vulnerable Wi-Fi networks. That’s right, Chaos can infect your computer just by being in range of an infected Wi-Fi network! And once it’s on your system, it’s very difficult to remove.
What Devices Are at Risk?
Any device that is connected to the internet is at risk of being infected by the Chaos malware. This includes home routers, IoT devices, and even enterprise servers. The fact that the malware can infect devices running on different types of infrastructure makes it even more dangerous. So far, there have been no reports of any infections in the wild, but it is only a matter of time before someone somewhere gets hit by this malicious software.
How to Protect Yourself from Chaos Malware
The best way to protect yourself from Chaos is to avoid using public Wi-Fi whenever possible. If you must use public Wi-Fi, make sure you’re using a VPN (virtual private network) to encrypt your traffic.
You should also make sure that your computer’s firewall is enabled and that you’re running up-to-date antivirus software. Unfortunately, there is no guaranteed way to remove Chaos once it’s infected your system. However, reformatting your hard drive and reinstalling your operating system will usually do the trick.
Chaos is a serious threat to both personal and corporate cybersecurity, because it targets internet-connected devices everywhere. Cybersecurity experts are urging people to exercise caution and take steps to protect their devices from this new strain of malware. If you believe your device may be infected, be sure to run a security scan as soon as possible. And remember: always be vigilant when it comes to cybersecurity!
The Kaiji malware
What is the Kaiji Malware?
The Kaiji malware is a type of malicious software that first gained notoriety in 2019. This sophisticated piece of software has been designed to target businesses and steal sensitive information and is notable for being one of the first pieces of malware to specifically target cryptocurrencies. Here’s what you need to know about the Kaiji malware and how it can impact your business.
Where did it originate from?
The Kaiji malware is believed to be of North Korean origin due to its similarities to other pieces of North Korean-affiliated malware, such as Lazarine and PapaFox. These similarities include shared code and infrastructure as well as similar methods of distribution. The fact that North Korea has been linked to previous attacks on cryptocurrency exchanges also suggests that they were behind the Kaiji malware.
The Kaiji malware was first discovered in May of 2019 by researchers at Cisco’s Talos Intelligence Group. It was initially found in a phishing campaign that was targeting users of Google’s Chrome browser. The email claimed to be from a legitimate company and contained a PDF attachment. If opened, the PDF would redirect the user to a fake website that would prompt them to input their login credentials. Once the credentials were entered, they would be sent to the attacker’s server.
What does it affect?
While the initial attack was relatively unsophisticated, the fact that it specifically targeted cryptocurrency users caught the attention of security researchers. Cryptocurrency users are often targets of phishing attacks because they often hold large amounts of money in their online wallets. The fact that this particular attack was able to steal login credentials for popular cryptocurrency exchanges suggested that the attackers were specifically targeting these users.
The Kaiji malware works by infecting a computer and then lying dormant until it detects that the user is connected to a corporate network. Once it has established a connection to a corporate network, the malware will begin stealing sensitive information such as login credentials and financial data. The stolen data is then exfiltrated to a server controlled by the attackers.
This malware can have serious impacts on businesses that are infected with it. The loss of sensitive information can lead to financial losses and damage to a company’s reputation. In addition, the malware can also be used to launch attacks against other computers on the same network. This could result in downtime for critical systems and data loss.
How to Protect Yourself Against Kaiji
- Organisations must use effective cybersecurity tools to scan and secure hosts and the networking environment.
- Use verification security controls like two-factor authentication or multi-factor authentication.
- Use an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) as well as content filtering software.
- Use strong cryptography.
- Set a baseline for network traffic and create limits; this will help prevent botnets and DDoS attacks, as the server will only accept requests it can handle.
- Use a Content Distribution Network (CDN) to store data across multiple servers. This prevents DDoS attacks from overwhelming the hosting server because a user can access data from servers that are not under attack.
The Kaiji malware is a threat that businesses need to be aware of. It’s important to take steps to protect yourself from this sophisticated piece of software, which can lead to financial losses and damage to your company’s reputation. By staying informed and taking precautions, you can help keep your business safe from this and other threats.