New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples.
GoBrutforcer is also known as GoBrut. It is a Golang-based botnet that typically targets exposed FTP, MySQL, PostgreSQL, and phpMyAdmin services.
The malware often relies on compromised Linux servers to scan random public IPs and carry out brute-force login attacks.
Preying on weak defenses
Check Point researchers estimate that there are more than 50,000 internet-facing servers that may be vulnerable to the GoBrut attacks.
They say that initial compromise is often obtained through the FTP servers on servers running XAMPP…
