Feeds2.Feedburner
Chaos Malware Variant Targets Misconfigured Linux Cloud Servers
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new variant of Chaos malware, originally targeting routers, has been observed exploiting misconfigured Linux cloud servers. This development was documented by Darktrace's CloudyPots program, which captures attacker behavior in real-time. The malware, suspected to be of Chinese origin, utilizes SSH brute-forcing and known CVEs to gain access. The attack vector involves creating a new application on the Hadoop deployment, allowing remote code execution. The malware has evolved, with significant changes in its code structure compared to earlier versions. The domain pan.tenire[.]com, linked to previous campaigns, was also involved in this attack. This shift in targeting marks a significant expansion of Chaos malware's operational scope. The attack was first identified in March 2026, indicating a growing threat landscape for cloud infrastructure.
Key Points: • Chaos malware has expanded from routers to misconfigured Linux cloud servers. • The malware exploits SSH brute-forcing and known CVEs for access. • Darktrace's CloudyPots program documented the attack in March 2026.