  • New GoBruteforcer Botnet Targets phpMyAdmin, MySQL, FTP, Postgres Applications

    Malware operators are expected to adapt it for all possible platforms.

    A recently discovered Golang-based botnet called GoBruteforcer scans and infects web servers running "phpMyAdmin", "MySQL", "FTP" and "Postgres" services. This was stated by security researchers from Palo Alto Networks Unit 42, who were the first to discover the botnet in the wild.

    According to experts, GoBruteforcer is compatible with x86, x64 and ARM architectures. The malware tries accounts with weak or default passwords to compromise vulnerable *nix devices.

    For each target IP address, the malware starts looking for "phpMyAdmin", "MySQL", "FTP", and "Postgres" services. After detecting an open port accepting connections, GoBruteforcer attempts to log in using the hardcoded credentials.

    Once logged in, it deploys an IRC bot to compromised "phpMyAdmin" systems, or a "PHP" web shell to servers running other targeted services. At the next stage of the attack, GoBruteforcer contacts the command and control server (C2, C&C) and waits for instructions delivered through a previously installed IRC bot or web shell.

    The botnet uses a multi-scan engine to find potential victims across Classless Inter-Domain Routing (CIDR) blocks, giving the attacker a wide choice of targets for infiltrating a network.

    Instead of targeting a single IP address, the malware scans whole CIDR blocks, covering a diverse range of hosts at different IP addresses and increasing the reach of an attack.
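
A defender-side sketch of how the behaviour described above shows up in authentication logs, added here as an example (it is not from Unit 42 or the original article): it flags a source whose failed logins span several of the targeted services and several hosts of one CIDR block, and lists the logins that then succeeded. The normalized event format, the thresholds, the /24 grouping and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

TARGETED = {"phpmyadmin", "mysql", "ftp", "postgres"}  # services named in the article

# Constructed events in an assumed normalized format:
# timestamp, destination host, service, source IP, login result
SAMPLE_EVENTS = """\
2023-03-10T02:00:01 10.0.5.11 ftp 203.0.113.7 fail
2023-03-10T02:00:03 10.0.5.11 mysql 203.0.113.7 fail
2023-03-10T02:00:09 10.0.5.12 postgres 203.0.113.7 fail
2023-03-10T02:00:15 10.0.5.13 phpmyadmin 203.0.113.7 fail
2023-03-10T02:00:21 10.0.5.13 phpmyadmin 203.0.113.7 success
2023-03-10T02:05:00 10.0.5.11 ftp 198.51.100.20 fail
2023-03-10T09:30:00 10.0.5.11 ftp 198.51.100.20 success
"""

def parse(line):
    ts, dst, service, src, result = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(dst), service.lower(), src, result

def find_sweeps(text, window=timedelta(minutes=10), min_services=2, min_hosts=3, prefix=24):
    """Flag sources whose failed logins inside one time window span several
    targeted services and several hosts of one CIDR block. Logins that
    succeeded from the same source are listed: triage those hosts first."""
    fails, wins = defaultdict(list), defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        ts, dst, service, src, result = parse(line)
        if service in TARGETED:
            (fails if result == "fail" else wins)[src].append((ts, dst, service))
    findings = {}
    for src, events in fails.items():
        events.sort(key=lambda e: e[0])  # earliest qualifying window wins
        for start, _, _ in events:
            by_block = defaultdict(set)  # CIDR block -> {(host, service)} in this window
            for ts, dst, service in events:
                if timedelta(0) <= ts - start <= window:
                    by_block[ipaddress.ip_network(f"{dst}/{prefix}", strict=False)].add((dst, service))
            for block, pairs in by_block.items():
                hosts, services = {d for d, _ in pairs}, {s for _, s in pairs}
                if len(hosts) >= min_hosts and len(services) >= min_services and src not in findings:
                    findings[src] = {"block": str(block), "hosts": len(hosts), "services": sorted(services),
                        "compromised": sorted({(str(d), s) for t, d, s in wins[src] if t >= start})}
    return findings

if __name__ == "__main__":
    for src, finding in find_sweeps(SAMPLE_EVENTS).items():
        print(src, finding)
```

Hosts listed under `compromised` are the ones to check for the IRC bot or PHP web shell the article describes; the second source in the sample is not flagged because it touched a single host and service.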

    GoBruteforcer is likely under active development and its operators are expected to adapt their tactics and malware capabilities to target web servers and bypass defenses. Unit 42 researchers noted that GoBruteforcer remotely deployed various types of malware as payloads, including cryptocurrency miners.

    Author DeepWeb