Security News > 2023 > March > GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.
The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.
GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.
The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware.
"Web servers have always been a lucrative target for threat actors," Unit 42 said.
"Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak passwords."
News URL
https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html
Related news
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Police detains Smokeloader malware customers, seizes servers (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- SK Telecom warns customer USIM data exposed in malware attack (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (source)