Security News > 2023 > March > GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.
The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.
GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.
The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware.
"Web servers have always been a lucrative target for threat actors," Unit 42 said.
"Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak passwords."
News URL
https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html
Related news
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)