A new malware called GoBruteforcer has been uncovered by cybersecurity researchers. This malware is written in the programming language Go and is specifically designed to target web servers running phpMyAdmin, MySQL, FTP, and Postgres. The goal of the threat is to take control of these devices and add them to a botnet, which can then be used for various malicious activities. Details about the malicious capabilities of the threat were released in a report by the infosec researchers at Palo Alto Networks Unit 42.
One of the notable features of GoBruteforcer is its use of Classless Inter-Domain Routing (CIDR) block scanning. Instead of targeting a single IP address, the malware scans every IP address within a chosen CIDR range, which gives it access to a wider range of hosts on different IPs within a network. This makes it more difficult for network administrators to detect and block the attack.
Devices Infected By GoBruteforcer Malware Are Added to a Botnet
GoBruteforcer is designed specifically to target Unix-like platforms running on x86, x64, and ARM architectures. The malware attempts to gain access to these devices through a brute-force attack using a list of credentials that are hard-coded into the binary. If successful, it deploys an Internet Relay Chat (IRC) bot on the victim's server to establish communication with an actor-controlled server.
In addition to using a brute-force attack, GoBruteforcer also leverages a PHP web shell that is already installed on the victim server. This allows the malware to gather more information about the targeted network.
Despite its effectiveness, it is unclear how GoBruteforcer and the PHP shell are initially delivered to the targeted devices. However, cybersecurity researchers have noted that the malware's tactics and techniques are actively evolving, indicating that the developers behind it are continually working to evade detection and improve the effectiveness of their attacks.
Robust Cybersecurity Measures Should be a Top Priority for Users and Organizations Alike
Web servers have long been a highly sought-after target for cyber attackers. Because web servers are an essential component of an organization's digital infrastructure, weak passwords on them can lead to significant threats. Malware such as GoBruteforcer takes advantage of weak or default passwords to gain unauthorized access to these servers.
One of the most significant features of the GoBruteforcer bot is its multiscan capability, which allows it to target a wide range of potential victims. This, coupled with the malware's active development, means that attackers can modify their tactics and techniques to target web servers more effectively in the future. Therefore, it is essential to ensure that web servers are secured with strong and unique passwords to minimize the risk of attacks by malware like GoBruteforcer.
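On the detection side, a CIDR sweep that tries credentials against many hosts can stay under any per-host failure counter, so failed logins need to be grouped by source address and destination block. The following is an added example, not code from the Unit 42 report or from the malware: it flags any source whose failed logins against the four named services reach several distinct hosts of one block within a short window. The log format, sample events, addresses, function name and thresholds are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events, not taken from the Unit 42 report. Assumed format:
#   <epoch_seconds> <source_ip> <dest_ip> <service> <OK|FAIL>
SAMPLE_LOG = """\
1700000000 203.0.113.50 10.20.30.11 ftp FAIL
1700000004 203.0.113.50 10.20.30.12 mysql FAIL
1700000009 203.0.113.50 10.20.30.13 postgres FAIL
1700000015 203.0.113.50 10.20.30.14 phpmyadmin FAIL
1700000021 203.0.113.50 10.20.30.15 ftp FAIL
1700000030 10.20.30.200 10.20.30.12 mysql FAIL
1700000041 10.20.30.200 10.20.30.12 mysql FAIL
1700000050 10.20.30.200 10.20.30.12 mysql OK
1700000100 198.51.100.7 10.20.30.11 ftp FAIL
1700000900 198.51.100.7 10.20.30.13 ftp FAIL
"""

# The four services the article names as GoBruteforcer targets.
SERVICES = {"phpmyadmin", "mysql", "ftp", "postgres"}


def find_cidr_sweeps(log_text, prefix=24, window=300, min_hosts=4):
    """Flag sources whose failed logins hit >= min_hosts distinct hosts
    of one /prefix block within `window` seconds (hypothetical thresholds)."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, service, result = line.split()
        if result != "FAIL" or service not in SERVICES:
            continue
        src = ipaddress.ip_address(src)  # raises ValueError on a malformed address
        net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
        by_key[(str(src), str(net))].append((int(ts), dst, service))

    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _, dst, _ in events[start:end + 1]}
            services = sorted({svc for _, _, svc in events[start:end + 1]})
            best = alerts.get(key, {"hosts": 0})
            if len(hosts) >= min_hosts and len(hosts) > best["hosts"]:
                alerts[key] = {"hosts": len(hosts), "services": services}
    return alerts
```

In the sample, only the source that touches five hosts of 10.20.30.0/24 is flagged; the user who mistypes a MySQL password twice on one host and the source with two failures far apart in time are not.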