Cyber Security

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

Mar 14, 2023Ravie LakshmananNetwork Security / Botnet

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet.

“GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range,” Palo Alto Networks Unit 42 researchers said.

“The threat actor chose CIDR block scanning as a way to get access to a wide range of target hosts on different IPs within a network instead of using a single IP address as a target.”

The malware is mainly designed to single out Unix-like platforms running x86, x64 and ARM architectures, with GoBruteforcer attempting to obtain access via a brute-force attack using a list of credentials hard-coded into the binary.

If the attack proves to be successful, an internet relay chat (IRC) bot is deployed on the victim server to establish communications with an actor-controlled server.

GoBruteforcer also leverages a PHP web shell already installed in the victim server to glean more details about the targeted network.


Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.


That said, the exact initial intrusion vector used to deliver both GoBruteforcer and the PHP web shell is undetermined as yet. Artifacts collected by the cybersecurity company suggest active development efforts to evolve its tactics and evade detection.

The findings are yet another indication of how threat actors are increasingly adopting Golang to develop cross-platform malware. What’s more, GoBruteforcer’s multi-scan capability enables it to breach a broad set of targets, making it a potent threat.

“Web servers have always been a lucrative target for threat actors,” Unit 42 said. “Weak passwords could lead to serious threats as web servers are an indispensable part of an organization. Malware like GoBruteforcer takes advantage of weak (or default) passwords.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Uber shares pop on inclusion in S&P 500
Read Linda Yaccarino’s message to X employees about Elon Musk’s controversial DealBook interview
Oppo Reno 10 Pro 5G Price in India Slashed by Rs. 2,000: Know How Much It Costs Now
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack
Aquaman 2, Sam Bahadur, Rebel Moon Part One, and More: Movie Guide to Cinemas and Streaming in December 2023