Chaos Ransomware's C++ Variant Deletes, Steals Crypto

A new C++ variant of Chaos ransomware has been identified, marking a significant evolution from its previous .NET versions. This updated malware employs a destructive strategy, encrypting small files, skipping medium ones, and permanently deleting the content of large files. It introduces a novel clipboard hijacking feature designed to steal cryptocurrency by replacing wallet addresses copied by the user. The ransomware masquerades as a system utility to trick users while silently executing its payload. This shift in tactics indicates Chaos is becoming more of a destructive wiper, prioritizing speed and irreversible data loss over traditional encryption.
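A defender-side heuristic for the clipboard hijacking described above, as an added example that is not taken from the article or from any analysis of the malware: it flags a clipboard value that looks like a wallet address being replaced by a different address of the same format within a short window. The address patterns, the 2-second window, the event format and all sample values are assumptions constructed for this illustration.

```python
import re

# Assumed address formats; the article does not name the targeted currencies.
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}
SWAP_WINDOW_SECONDS = 2.0  # assumed: faster than a user re-copying by hand


def address_kind(text):
    """Return the address format name if text is exactly one address, else None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None


def find_swaps(events, window=SWAP_WINDOW_SECONDS):
    """Flag address -> different address of the same format within `window` seconds.

    events: time-ordered (timestamp_seconds, clipboard_text) tuples.
    """
    alerts = []
    prev = None  # (timestamp, kind, value) of the previous clipboard update
    for ts, text in events:
        kind, value = address_kind(text), text.strip()
        if (prev and kind and kind == prev[1] and value != prev[2]
                and ts - prev[0] <= window):
            alerts.append({"time": ts, "kind": kind,
                           "original": prev[2], "replacement": value})
        prev = (ts, kind, value)
    return alerts


# Constructed sample data: placeholder strings that only match the formats.
ETH_A, ETH_B = "0x" + "11" * 20, "0x" + "ab" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_A), (10.3, ETH_B),    # replaced 0.3 s after copy: flagged
    (60.0, BTC_A), (95.0, BTC_B),    # 35 s apart: plausible user action
    (120.0, ETH_A), (120.5, BTC_A),  # different formats: not flagged
    (200.0, BTC_B), (200.2, BTC_B),  # same value rewritten: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

In practice the events would come from an endpoint agent's clipboard-change telemetry, and an alert is a lead to correlate with the process that wrote to the clipboard, not proof of compromise.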

Latest mentioned: 10-08
Earliest mentioned: 10-08