
Chaos Malware Quietly Evolves Persistence and Evasion Techniques

Blog post from Sysdig

Post Details

Company: Sysdig
Author: Nicholas Lang
Word Count: 1,887
Language: English
Summary

Chaos malware, a variant of the Kaiji botnet, has evolved to include ransomware, remote access trojan (RAT), and DDoS functionality, and its recent iterations have been observed attacking misconfigured Apache Tomcat environments. Written in Golang, Chaos targets both Windows and Linux systems and achieves persistence and evasion by replacing common user binaries and by installing cron jobs and systemd services so that it runs again after a reboot. Although it uses advanced persistence strategies, its presence is often obscured, and its impact can be mitigated by addressing the initial access vector, which is likely a known vulnerability. Analysis showed that while the malware's core functionality remains similar to its predecessor's, its binary has been obfuscated between attacks, suggesting an attempt to evade detection. The lack of widespread deployment, or possible misclassification, underlines the need for updated awareness and protective measures in environments exposed to such threats.