Researchers smell a cryptomining Chaos RAT targeting Linux systems

A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, …

  1. MrReynolds2U

    Can you expand a little

    I feel like this article is lacking information: like how to identify infections and remove. Links are fine but a little more info is always welcome considering how many of us run Linux systems. Also, some information as to how infection is achieved would be useful.

    Obviously I'll do some research of my own too.

    1. Paul Crawford Silver badge

      Re: Can you expand a little

      Well the linked article has gone as of now (10:29z on 13th Dec) and a search on Trend Micro also points to a now-missing page!

      404 as far as the eye can see...

      1. Wellyboot Silver badge

        Re: Can you expand a little

        I see it here,

        https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html

        1. yetanotheraoc Silver badge

          Re: Can you expand a little

          Thanks for the link. I had the same questions as MrReynolds2U.

          "We construe that this cryptocurrency-mining malware’s infection vector is a malicious, third-party/unofficial or compromised plugin (i.e., media-streaming software)."

          https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth

  2. Tubz Silver badge

    Forgive my ignorance, no expert on the internet backbone, but if the hosting service is known to be a bad actor, can its traffic not be blocked from leaving Putin's Federation Of Nastiness?

    1. MrReynolds2U

      That would set a dangerous precedent. The Internet is meant to exist without borders (although some countries are quite adept at blocking access to information).

      1. This post has been deleted by its author

    2. Kevin McMurtrie Silver badge

      Also OVH, Cloudflare, DigitalOcean, BuyVM, Amazon, Google, Starcrecium, ReTN, Tencent, most of China...

      Cutting off hostile networks would temporarily collapse the whole Internet and ruin global economies. We're going for a slow and painful death by botnets instead.

  3. This post has been deleted by its author

  4. pc-fluesterer.info

    Initial compromise?

    *IF* the malware is aboard it can do this and that - fine.

    Big question is: *HOW* does it get there? What is the attack vector?

    If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.

    To me this thing sounds more like "Give me all your money or I shoot myself!"
