back to article Researchers smell a cryptomining Chaos RAT targeting Linux systems

A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, …

  1. MrReynolds2U

    Can you expand a little

    I feel like this article is lacking information: like how to identify infections and remove. Links are fine but a little more info is always welcome considering how many of us run Linux systems. Also, some information as to how infection is achieved would be useful.

    Obviously I'll do some research of my own too.

    1. Paul Crawford Silver badge

      Re: Can you expand a little

      Well the linked article has gone as of now (10:29z on 13th Dec) and a search on Trend Micro also points to a now-missing page!

      404 as far as the eye can see...

      1. Wellyboot Silver badge

        Re: Can you expand a little

        I see it here,

        https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html

        1. yetanotheraoc Silver badge

          Re: Can you expand a little

          Thanks for the link. I had the same questions as MrReynolds2U.

          "We construe that this cryptocurrency-mining malware’s infection vector is a malicious, third-party/unofficial or compromised plugin (i.e., media-streaming software)."

          https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth

  2. Tubz Silver badge

    Forgive my ignorance, no expert o the internet backbone but if the hosting service is known to be a bad actor, can it's traffic not be blocked from leaving Putin's Federation Of Nastyness ?

    1. MrReynolds2U

      That would set a dangerous precedent. The Internet is meant to exist without borders (although some countries are quite adept at blocking access to information).

      1. Lil Endian Silver badge

        Tell 'Now Broadband' that. Sad amounts of "protection" provided, beyond Shary Bobbins.

    2. Kevin McMurtrie Silver badge

      Also OVH, Cloudflare, DigitalOcean, BuyVM, Amazon, Google, Starcrecium, ReTN, Tencent, most of China...

      Cutting off hostile networks would temporarily collapse the whole Internet and ruin global economies. We're going for a slow and painful death by botnets instead.

  3. Lil Endian Silver badge
    Linux

    About Time!

    As a *nix user, I was feeling neglected by the rapscallions.

    the code kills competing malware ~ straight out of the Microsoft play book! And almost worth bringing the malware on-board, except I can't find any other nasties that it can flatten for me.

  4. pc-fluesterer.info
    Linux

    Initial compromise?

    *IF* the malware is aboard it can do this and that - fine.

    Big question is: *HOW* does it get there? What is the attack vector?

    If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.

    To me this thing sounds more like "Give me all you money or I shoot myself!"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like