Security News > 2023 > March > GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.
The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.
GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.
The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware.
"Web servers have always been a lucrative target for threat actors," Unit 42 said.
"Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak passwords."
News URL
https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)