Security researchers at Palo Alto Networks discovered a new Golang-based botnet malware, dubbed GoBruteforcer, that scans for servers running phpMyAdmin, MySQL, FTP, and Postgres services in order to infect or target them. It has also been observed that the malware is compatible with x86, x64, and ARM architectures.

According to the researchers, to find potential victims GoBruteforcer uses a multiscan module and chooses a Classless Inter-Domain Routing (CIDR) block, allowing it to target all IP addresses within that range rather than a single IP. The malware uses CIDR block scanning to cover a diverse range of hosts in the network and increase the scope of the attack.

Further, for every targeted IP, the malware scans for phpMyAdmin, FTP, MySQL, and Postgres services, and once it detects open ports for connections, GoBruteforcer brute-forces accounts to log in using hard-coded credentials. Researchers think this works only if some specific arguments are used and the target services are already installed with weak passwords.

Additionally, for phpMyAdmin services GoBruteforcer checks whether the target port (port 80) is open, for MySQL and Postgres services it checks whether ports 33 are open, and for FTP services it checks whether port 21 is open.

Moreover, once logged in to the service, GoBruteforcer deploys an 'IRC bot' on compromised phpMyAdmin systems or a 'PHP web shell' on servers running other targeted services. In the next stage, GoBruteforcer connects to a C2 (command-and-control) server and waits for instructions delivered through the previously installed IRC bot or web shell. It has also been observed that the malware remotely deploys various types of malware payloads.
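A defender-side sketch of how the sweep-then-guess pattern described above shows up in connection logs. It is an added example, not code from the article or from Palo Alto Networks; the log format, thresholds and function name are hypothetical, and 3306 and 5432 are the standard MySQL and Postgres default ports, assumed here.

```python
import ipaddress
from collections import defaultdict

# Ports 80 and 21 are named in the article; 3306 and 5432 are the standard
# MySQL and Postgres defaults, assumed here.
SERVICE_PORTS = {80: "http", 21: "ftp", 3306: "mysql", 5432: "postgres"}

# Constructed sample records (hypothetical format): <time> <src> <dst> <dport> <event>
SAMPLE_LOG = """\
10:00:01 203.0.113.7 192.0.2.10 80 CONNECT
10:00:01 203.0.113.7 192.0.2.10 21 AUTH_FAIL
10:00:02 203.0.113.7 192.0.2.10 21 AUTH_FAIL
10:00:02 203.0.113.7 192.0.2.11 3306 AUTH_FAIL
10:00:03 203.0.113.7 192.0.2.11 3306 AUTH_FAIL
10:00:03 203.0.113.7 192.0.2.12 5432 AUTH_FAIL
10:00:04 203.0.113.7 192.0.2.11 3306 AUTH_OK
10:01:05 198.51.100.20 192.0.2.10 21 AUTH_FAIL
10:01:09 198.51.100.20 192.0.2.10 21 AUTH_OK
"""

def find_sweepers(log, prefix=24, min_hosts=3, min_services=3, min_failures=5):
    """Flag sources that probe several services on several hosts of one CIDR
    block and also pile up failed logins there."""
    stats = defaultdict(lambda: {"hosts": set(), "services": set(),
                                 "failures": 0, "ok_after_fail": set()})
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue  # malformed record
        _, src, dst, dport, event = fields
        if int(dport) not in SERVICE_PORTS:
            continue
        try:  # group destinations by their enclosing block, e.g. a /24
            block = str(ipaddress.ip_network(f"{dst}/{prefix}", strict=False))
        except ValueError:
            continue
        s = stats[(src, block)]
        s["hosts"].add(dst)
        s["services"].add(SERVICE_PORTS[int(dport)])
        if event == "AUTH_FAIL":
            s["failures"] += 1
        elif event == "AUTH_OK" and s["failures"]:
            s["ok_after_fail"].add(f"{dst}:{dport}")  # a guess may have succeeded
    return [{"src": src, "block": block, "services": sorted(s["services"]),
             "failures": s["failures"],
             "login_after_failures": sorted(s["ok_after_fail"])}
            for (src, block), s in sorted(stats.items())
            if len(s["hosts"]) >= min_hosts and len(s["services"]) >= min_services
            and s["failures"] >= min_failures]
```

Calling `find_sweepers(SAMPLE_LOG)` flags 203.0.113.7 and ignores the single-host login retry from 198.51.100.20.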