Security News > 2023 > March > GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.
The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.
GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.
The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware.
"Web servers have always been a lucrative target for threat actors," Unit 42 said.
"Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak passwords."
News URL
https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html
Related news
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Apache fixes remote code execution bypass in Tomcat web server (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)