"GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks"

GoBruteforcer, a new Golang-based malware, has been discovered targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres in an attempt to recruit them into a botnet. According to researchers from Palo Alto Networks Unit 42, GoBruteforcer used a Classless Inter-Domain Routing (CIDR) block to scan the network during the attack, and it targeted all IP addresses within the CIDR range. Instead of using a single IP address as a target, the threat actor used CIDR block scanning to reach a wide variety of target hosts on multiple IPs within a network. GoBruteforcer is primarily meant to target Unix-like platforms with x86, x64, and ARM architectures, and it attempts to gain access through a brute-force attack that uses a list of hard-coded credentials. If the attack is successful, an Internet Relay Chat (IRC) bot is launched on the victim server to initiate communications with an actor-controlled server. GoBruteforcer also uses a PHP web shell already installed on the victim server to get further information about the targeted network. This article continues to discuss findings regarding the new Golang-based malware GoBruteforcer.
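From the defender's side, the behaviour described above (one source failing logins against many hosts across a CIDR range on the named services) can be spotted in authentication logs. The following is an added example, not code from the article or from Unit 42; the log format, the thresholds, and the `find_sweeps` name are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Services the article names as GoBruteforcer targets.
TARGET_SERVICES = {"phpmyadmin", "mysql", "ftp", "postgres"}

# Constructed sample events (not real telemetry), in an assumed normalized,
# time-ordered format: "timestamp src_ip dst_ip service outcome".
SAMPLE_EVENTS = """\
2023-03-10T02:00:01Z 203.0.113.50 10.20.0.4 ftp fail
2023-03-10T02:00:02Z 203.0.113.50 10.20.0.5 ftp fail
2023-03-10T02:00:03Z 203.0.113.50 10.20.0.5 mysql fail
2023-03-10T02:00:04Z 203.0.113.50 10.20.0.6 postgres fail
2023-03-10T02:00:05Z 203.0.113.50 10.20.0.7 phpmyadmin fail
2023-03-10T02:00:09Z 203.0.113.50 10.20.0.7 phpmyadmin success
2023-03-10T02:03:00Z 198.51.100.7 10.20.0.5 mysql fail
2023-03-10T02:03:05Z 198.51.100.7 10.20.0.5 mysql success
2023-03-10T02:04:00Z 203.0.113.50 192.168.9.9 ftp fail
"""

def find_sweeps(log_text, protected_cidr, min_hosts=3, min_failures=4):
    """Flag sources whose failed logins span many hosts inside protected_cidr."""
    net = ipaddress.ip_network(protected_cidr)
    failures = defaultdict(int)   # src -> failed logins inside the range
    hosts = defaultdict(set)      # src -> distinct hosts it failed against
    services = defaultdict(set)   # src -> distinct services it tried
    breached = defaultdict(set)   # src -> hosts where a success followed a failure
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _, src, dst, service, outcome = parts
        try:
            in_range = ipaddress.ip_address(dst) in net
        except ValueError:
            continue  # destination is not a valid IP address
        if not in_range or service not in TARGET_SERVICES:
            continue
        if outcome == "fail":
            failures[src] += 1
            hosts[src].add(dst)
            services[src].add(service)
        elif outcome == "success" and dst in hosts[src]:
            breached[src].add(dst)
    return [
        {"source": src, "failures": count, "hosts": sorted(hosts[src]),
         "services": sorted(services[src]), "breached": sorted(breached[src])}
        for src, count in failures.items()
        if count >= min_failures and len(hosts[src]) >= min_hosts
    ]
```

A non-empty `breached` list marks hosts where a login succeeded after failures from the same source, which are the first candidates to check for an unexpected IRC connection or web shell.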

THN reports "GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks"

Submitted by Anonymous on