Threat hunters have identified a new remote access trojan (RAT) known as Chaos RAT, which targets both Windows and Linux systems. Recent reports from Acronis indicate that it is distributed via phishing schemes disguised as network utilities. It provides an extensive feature set akin to notable tools like Cobalt Strike, allowing attackers significant control over infected devices. Its use has been heavily linked with cryptocurrency mining, with its initial public activity noted in December 2022. The RAT has evolved to incorporate techniques for persistence and wider deployment.
"Chaos RAT is an open-source RAT written in Golang, offering cross-platform support for both Windows and Linux systems," said security researchers Santiago Pontiroli, et al.
"Inspired by popular frameworks such as Cobalt Strike and Sliver, Chaos RAT provides an administrative panel where users can build payloads, establish sessions, and control compromised machines."
"The Linux variants of the malware have since been detected in the wild, often in connection with cryptocurrency mining campaigns."