Chaos Botnet Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Published on MyPrivateClaw: Apr 8, 2026, 8:54 PM UTC
Coverage date: Apr 8, 2026
Last updated: Apr 8, 2026, 8:54 PM UTC
News summary
A new Chaos malware variant is actively targeting misconfigured Hadoop and Docker instances on cloud infrastructure, according to Darktrace research. The variant drops SSH propagation in favour of a built-in SOCKS proxy, allowing compromised hosts to relay attacker traffic — extending monetisation beyond crypto mining and DDoS-for-hire. Infrastructure is linked to Chinese threat actors previously associated with Operation Silk Lure. Private AI deployments on GPU cloud providers using exposed management ports are in the target profile.