GoBruteforcer malware exploits weak credentials and AI-generated server defaults to build botnets targeting cryptocurrency projects and Linux servers. The Golang-based malware brute-forces FTP, MySQL, PostgreSQL, and phpMyAdmin services, using credentials commonly found in tutorials and LLM-generated code. Once infected, hosts either scan for new victims, serve payloads, or act as backup command-and-control servers. Recent campaigns specifically target TRON blockchain addresses to identify accounts with funds, while separate threat actors scan for misconfigured proxy servers to access commercial LLM services.
Sort: