Web servers running MySQL, FTP, Postgres, and phpMyAdmin services are being targeted by the novel GoBruteforcer malware, which exploits weak credentials to compromise devices, reports BleepingComputer.
After scanning for compatible servers and identifying open ports for connections, GoBruteforcer attempts to log in with hard-coded credentials and, on success, deploys either an IRC bot or a PHP web shell, according to a report from Palo Alto Networks' Unit 42.
Researchers found that GoBruteforcer then communicates with its command-and-control server, uses a multiscan module to identify more victims, and targets all IP addresses in a specific Classless Inter-Domain Routing (CIDR) block to maximize the range of the intrusion.
"We've seen this malware remotely deploy a variety of different types of malware as payloads, including coinminers. We believe that GoBruteforcer is in active development, and as such, things like initial infection vectors or payloads could change in the near future," said researchers.
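A defender-side detection sketch for the behavior described above, added here as an example and not taken from Unit 42 or BleepingComputer: it flags a source that fails logins on several hosts inside one monitored CIDR block across the four targeted services, and records any later successful login from that source. The event tuple format, the thresholds, and the sample events are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Services the report names as GoBruteforcer targets.
TARGETED = {"mysql", "ftp", "postgres", "phpmyadmin"}

# Constructed sample events: (epoch_seconds, source_ip, dest_ip, service, outcome)
EVENTS = [
    (100, "198.51.100.7", "10.0.5.10", "ftp", "fail"),
    (101, "198.51.100.7", "10.0.5.11", "mysql", "fail"),
    (102, "198.51.100.7", "10.0.5.12", "postgres", "fail"),
    (103, "198.51.100.7", "10.0.5.13", "phpmyadmin", "fail"),
    (104, "198.51.100.7", "10.0.5.13", "phpmyadmin", "success"),
    (200, "203.0.113.9", "10.0.5.10", "ftp", "fail"),
    (260, "203.0.113.9", "10.0.5.10", "ftp", "success"),
    (300, "198.51.100.7", "10.0.9.1", "ssh", "fail"),
]

def detect_sweeps(events, monitored_cidr, min_hosts=3, window=60):
    """Return {source_ip: finding} for sources that fail logins on at least
    min_hosts distinct hosts inside monitored_cidr within `window` seconds."""
    net = ipaddress.ip_network(monitored_cidr)
    by_src = defaultdict(list)
    for ts, src, dst, svc, outcome in sorted(events):
        if svc in TARGETED and ipaddress.ip_address(dst) in net:
            by_src[src].append((ts, dst, svc, outcome))
    findings = {}
    for src, rows in by_src.items():
        fails = [(ts, dst, svc) for ts, dst, svc, o in rows if o == "fail"]
        best = set()  # largest set of distinct hosts hit in any one window
        for i, (start, _, _) in enumerate(fails):
            hosts = {d for t, d, _ in fails[i:] if t - start <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) < min_hosts:
            continue
        first_fail = fails[0][0]
        # A success after the sweep began suggests a guessed weak credential.
        hits = {(d, s) for t, d, s, o in rows if o == "success" and t > first_fail}
        findings[src] = {
            "hosts": sorted(best),
            "services": sorted({s for _, _, s in fails}),
            "suspected_compromise": sorted(hits),
        }
    return findings

if __name__ == "__main__":
    print(detect_sweeps(EVENTS, "10.0.5.0/24"))
```

Hosts listed under `suspected_compromise` are the ones to check first for a dropped PHP web shell or IRC bot and to rotate credentials on.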