GoBruteforcer Malware Targets Many Platforms

Researchers from Palo Alto's Unit 42 have recently uncovered a new form of malware that is based on Golang. Dubbed GoBruteforcer, this malware targets web servers that run services such as FTP, MySQL, phpMyAdmin, and Postgres. The research indicates that the attacker has deployed binaries for x86, x64, and ARM processor architectures. Furthermore, the malware uses a Classless Inter-Domain Routing (CIDR) block scanning technique, which lets it reach a wide range of target hosts across a block of IP addresses instead of a single IP address.

The primary aim of GoBruteforcer is to target Unix-like platforms with x86, x64, and ARM architectures. The malware uses brute-force attacks with hardcoded credentials to gain access to the target. Once successful, the malware installs an internet relay chat (IRC) bot on the victim's server, allowing it to communicate with the attacker's server. GoBruteforcer also utilizes an already installed PHP web shell on the victim server to obtain more details about the targeted network.
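One way a defender can spot the pattern described above, failed logins from one source spread across many hosts of the same address block, is shown in this added example (it is not from the Unit 42 research or the original article). The log format, the `find_sweeps` function, the thresholds and every address are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Services the article names as GoBruteforcer targets.
TARGET_SERVICES = {"ftp", "mysql", "phpmyadmin", "postgres"}
# Constructed sample events in an assumed normalized format (not a real product's log).
SAMPLE_LOG = """\
2023-03-15T10:00:01 src=203.0.113.7 dst=10.0.5.11 svc=ftp result=fail
2023-03-15T10:00:04 src=203.0.113.7 dst=10.0.5.12 svc=mysql result=fail
2023-03-15T10:00:09 src=203.0.113.7 dst=10.0.5.13 svc=postgres result=fail
2023-03-15T10:00:15 src=203.0.113.7 dst=10.0.5.14 svc=phpmyadmin result=fail
2023-03-15T10:01:00 src=198.51.100.9 dst=10.0.5.11 svc=ftp result=fail
2023-03-15T10:01:02 src=198.51.100.9 dst=10.0.5.11 svc=ftp result=fail
2023-03-15T10:02:00 src=192.0.2.44 dst=10.0.5.12 svc=mysql result=ok
this line is malformed and is skipped
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) svc=(\S+) result=(\S+)$")

def find_sweeps(log_text, monitored_cidr, min_hosts=3, window=timedelta(minutes=5)):
    """Map each source IP to (hosts, services) when its failed logins reach
    min_hosts distinct hosts of monitored_cidr within one time window."""
    net = ipaddress.ip_network(monitored_cidr)
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line
        ts, src, dst, svc, result = m.groups()
        try:
            when, target = datetime.fromisoformat(ts), ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable timestamp or address
        if result == "fail" and svc in TARGET_SERVICES and target in net:
            events[src].append((when, dst, svc))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            hosts = sorted({e[1] for e in in_win})
            if len(hosts) >= min_hosts:  # many hosts, not many tries on one host
                flagged[src] = (hosts, sorted({e[2] for e in in_win}))
                break
    return flagged

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOG, "10.0.5.0/24"))
```

The source that retries a single FTP host is deliberately not flagged here; repeated failures against one host are a different signal and need their own per-host threshold.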

However, the initial intrusion vector for GoBruteforcer and the PHP web shell is still unknown, and the malware seems to be undergoing active development to evade detection. These findings highlight how Golang is increasingly becoming a preferred choice for threat actors to develop cross-platform malware. Moreover, GoBruteforcer's multi-scan capability makes it a significant threat as it can breach a broad set of targets.

Why is Golang a Preferred Development Tool for Many Malware Makers?

Golang is a preferred development tool for many malware makers due to its ability to create high-performance and cross-platform applications. Golang is an open-source programming language that is easy to learn and provides a robust set of features for building scalable applications.

One of the main advantages of Golang is its ability to produce, from a single code base, self-contained binary executables for multiple platforms that run without requiring the installation of additional dependencies. This makes it easier for malware developers to create malware that can run on various systems, including Windows, macOS, and Linux.

Furthermore, Golang has excellent support for concurrency, allowing malware makers to create highly efficient and scalable malware. This feature is crucial in the context of malware, as many malware strains are designed to spread rapidly and infect as many systems as possible.

Lastly, Golang has a relatively simple syntax, which makes it easier for developers to create and modify code quickly. This feature is essential for malware makers as they need to update and modify their malware frequently to evade detection by antivirus software.

In summary, Golang is a preferred development tool for malware makers due to its cross-platform capabilities, support for concurrency, and simplicity of use, which allows for the rapid development and modification of code.

March 15, 2023