Security News > 2023 > March > New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres
A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services.
According to researchers with Palo Alto Networks' Unit 42, who first spotted it in the wild and dubbed it GoBruteforcer, the malware is compatible with x86, x64, and ARM architectures.
For each targeted IP address, the malware starts scanning for phpMyAdmin, MySQL, FTP, and Postgres services.
Rather than targeting a single IP, the malware uses CIDR block scanning for access to a diverse range of hosts on various IP addresses, increasing the reach of the attack.
GoBruteforcer is likely under active development, with its operators expected to adapt their tactics and the malware's capabilities for targeting web servers and stay ahead of security defenses.
"We've seen this malware remotely deploy a variety of different types of malware as payloads, including coinminers," Unit42 added.