From open-source to open threat: Tracking Chaos RAT’s evolution
Essential information
- Published
- 06/06/2025 11:02
- Modified
- 08/06/2025 17:04
- Tags
- 2025-06-06 CVE-2024-30850 CVE-2024-31839 chaos rat cross-platform golang remote administration tool
- Related entities
- 23 observables, 13 techniques (mitre), 1 malware, 2 others
Description
Chaos RAT, an open-source remote administration tool written in Golang, has evolved since its first appearance in 2022. Recent variants have been identified in Linux and Windows attacks. The malware offers cross-platform compatibility and is being exploited by threat actors for malicious purposes. It provides an administrative panel for payload generation and control of compromised systems. The latest samples show improved encoding of configuration data and expanded capabilities. A critical vulnerability in Chaos RAT's web panel allowed attackers to execute remote code on the server. While overall usage remains limited, its low detection profile creates opportunities for espionage, data exfiltration, and establishing footholds for further attacks.