SSH infections using password brute-forcing and stolen keys also allow Chaos to spread from machine to machine inside an infected network.
First, it is designed to work across several architectures, including ARM, Intel (i386), MIPS and PowerPC—in addition to both Windows and Linux operating systems.
"is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,"
A few of the targets included DDoS-as-a-service providers.
The two most important things people can do to prevent Chaos infections are to keep all routers, servers, and other devices fully updated and to use strong passwords and FIDO2-based multifactor authentication whenever possible.
Most router malware can't survive a reboot. Consider restarting your device every week or so.
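The machine-to-machine SSH spreading described above shows up in sshd authentication logs as password guessing from inside the network. The following is an added detection sketch, not code from the article or the researchers it quotes: it flags RFC 1918 sources that pile up failed password attempts and records any login that later succeeds from the same source. The log lines, host names, addresses and the threshold of three are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample sshd log lines (not taken from any real incident).
SAMPLE_LOG = """\
Oct  3 02:14:01 nas sshd[811]: Failed password for root from 10.0.0.23 port 40112 ssh2
Oct  3 02:14:03 nas sshd[811]: Failed password for invalid user admin from 10.0.0.23 port 40114 ssh2
Oct  3 02:14:05 nas sshd[811]: Failed password for root from 10.0.0.23 port 40120 ssh2
Oct  3 02:14:09 nas sshd[811]: Accepted password for root from 10.0.0.23 port 40131 ssh2
Oct  3 08:30:12 nas sshd[902]: Failed password for alice from 10.0.0.7 port 51200 ssh2
Oct  3 08:30:20 nas sshd[902]: Accepted publickey for alice from 10.0.0.7 port 51200 ssh2
Oct  3 09:01:44 nas sshd[950]: Failed password for root from 203.0.113.9 port 33000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_internal_bruteforce(log_text, threshold=3):
    """Map each internal source with >= threshold failed passwords to its
    failure count and the (user, method) logins that succeeded afterwards."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # hostname or malformed address
        if not any(addr in net for net in RFC1918):
            continue  # only peers inside the network are of interest here
        if outcome == "Failed":
            failures[src] += 1
            if failures[src] >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "compromised": []})
                entry["failures"] = failures[src]
        elif src in findings:
            # A success after a guessing run marks an account to reset.
            findings[src]["compromised"].append((user, method))
    return findings

if __name__ == "__main__":
    print(find_internal_bruteforce(SAMPLE_LOG))
```

A flagged source is itself a likely infected host, and every account listed under `compromised` needs its password and authorized keys rotated.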