GoBruteforcer: New Golang-based Botnet Malware Scans for and Infects Web Servers

by | Mar 13, 2023 | News


How GoBruteforcer works and what devices it targets

Cybersecurity researchers have uncovered a new Golang-based botnet malware called GoBruteforcer that targets web servers running phpMyAdmin, MySQL, FTP, and Postgres services. The malware has been identified by Palo Alto Networks’ Unit 42, and it is compatible with x86, x64, and ARM architectures. GoBruteforcer uses brute force tactics to gain access to vulnerable *nix devices by exploiting weak or default passwords.

The malware scans for phpMyAdmin, MySQL, FTP, and Postgres services on each targeted IP address. Once it detects an open port accepting connections, it attempts to log in using hard-coded credentials. GoBruteforcer deploys an IRC bot on compromised phpMyAdmin systems or a PHP web shell on servers running other targeted services, enabling it to reach out to its command-and-control server for further instructions.


GoBruteforcer’s ongoing development and potential for future attacks

GoBruteforcer uses a multiscan module to find potential victims within a Classless Inter-Domain Routing (CIDR) block, which gives it a broad range of targets. Rather than targeting a single IP address, the malware scans a whole CIDR block, reaching many hosts across different IP addresses and increasing the reach of the attack.
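
The behaviour described above, seen from the defender's side (an added example, not code from the article or from Unit 42): it flags a source whose failed logins span several of the four targeted services and several hosts inside one monitored CIDR block, and reports any login that then succeeds. The normalized event format, the addresses, the default CIDR, and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

TARGETED = {"phpmyadmin", "mysql", "ftp", "postgres"}  # services named in the article

# Constructed sample events in an assumed normalized format:
# ISO timestamp, source IP, destination IP, service, username, result
SAMPLE = """\
2023-03-13T10:00:01 203.0.113.7 10.0.5.10 ftp admin FAIL
2023-03-13T10:00:02 203.0.113.7 10.0.5.10 mysql root FAIL
2023-03-13T10:00:03 203.0.113.7 10.0.5.11 postgres postgres FAIL
2023-03-13T10:00:04 203.0.113.7 10.0.5.12 phpmyadmin root FAIL
2023-03-13T10:00:09 203.0.113.7 10.0.5.12 phpmyadmin root OK
2023-03-13T10:03:00 198.51.100.4 10.0.5.10 ftp alice FAIL
2023-03-13T10:03:20 198.51.100.4 10.0.5.10 ftp alice OK
"""

def parse(text):
    """Yield (time, src, dst, service, user, ok) for the four targeted services."""
    for line in text.splitlines():
        ts, src, dst, svc, user, result = line.split()
        if svc in TARGETED:
            yield (datetime.fromisoformat(ts), src, ipaddress.ip_address(dst),
                   svc, user, result == "OK")

def detect_sweeps(text, cidr="10.0.5.0/24", window=timedelta(minutes=5),
                  min_services=2, min_hosts=2):
    """Flag sources whose failed logins span several services and hosts of one CIDR block."""
    net = ipaddress.ip_network(cidr)  # assumed monitored network
    by_src = defaultdict(list)
    for ev in sorted(parse(text), key=lambda e: e[0]):
        if ev[2] in net:
            by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e[5]]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - first[0] <= window]
            services = {e[3] for e in burst}
            hosts = {e[2] for e in burst}
            if len(services) >= min_services and len(hosts) >= min_hosts:
                # A success after the burst began means a guessed credential worked.
                hits = sorted({(str(e[2]), e[3], e[4]) for e in evs if e[5] and e[0] >= first[0]})
                findings[src] = {"services": sorted(services), "hosts": len(hosts),
                                 "compromised": hits}
                break
    return findings
```

On the constructed sample, `detect_sweeps(SAMPLE)` flags only 203.0.113.7; the single mistyped FTP login from 198.51.100.4 stays below both thresholds.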

Unit 42 warns that GoBruteforcer is likely under active development, with its operators expected to adapt their tactics and the malware’s capabilities for targeting web servers and staying ahead of security defenses. The malware has already been seen deploying various types of malware as payloads, including coinminers.

The need to be up-to-date with the latest security measures

The discovery of GoBruteforcer highlights the importance of strong passwords and regular security audits to prevent malicious attacks on web servers. It also underscores the need for organizations to remain vigilant and up-to-date with the latest security measures to protect against evolving threats.


Source: bleepingcomputer.com
