Security News > 2023 > March > GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.
The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.
GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.
The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware.
"Web servers have always been a lucrative target for threat actors," Unit 42 said.
"Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak passwords."
News URL
https://thehackernews.com/2023/03/gobruteforcer-new-golang-based-malware.html
Related news
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)