A newly identified Golang-based botnet marks web servers running FTP, MySQL, phpMyAdmin, Postgres services, and Palo Alto Networks reports.
GoBruteforcer is still in expansion, is filled with UPX Packer, and has a multi-scan module it employs to identify open ports for targeted services. For MySQL and Postgres services, the malware examinations for open ports 3306 and 5432 pings the host’s database using specific credentials. For FTP services, it checks for available port 21 and then tries to certify utilizing the Goftp library.
Palo Alto Networks discovered a PHP web shell on victim servers, providing attackers with reverse and bind shell capabilities.
Know more: New ‘GoBruteforcer’ Botnet Targets Web Servers
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.