VestaCP compromised in a new supply-chain attack
released on 2018-10-18 @ 04:24:28 PM
In recent months, numerous users of VestaCP, a hosting control panel solution, have received warnings from their service providers that their servers were using an abnormal amount of bandwidth. We now know that these servers were in fact being used to launch DDoS attacks. Analysis of a compromised server showed that malware we call Linux/ChachaDDoS was installed on the system. This week we also found that the VestaCP website was compromised, resulting in a supply-chain attack on new installations of VestaCP since at least May 2018. Linux/ChachaDDoS has some similarities with Xor.DDoS, but unlike that older family it has multiple stages and uses Lua for its second- and third-stage components.