A new Chaos botnet variant is actively compromising misconfigured cloud servers, with a primary focus on Hadoop instances exposing unauthenticated remote code execution endpoints. The variant has been retooled to deploy SOCKS proxy capabilities, expanding attacker monetization beyond cryptomining and DDoS-for-hire to include traffic laundering and infrastructure rental. Organizations running exposed Hadoop or Linux cloud workloads without authentication controls are at direct risk of silent compromise and potential use as attacker relay infrastructure.