GoBrut is a computer virus written in Go programming language. The compilation of GoLang programs generates binaries that have all required dependencies embedded in them. It avoids the need of installed runtimes within the machine and simplifies the multi-platform support of Go applications.

Mode Of Infection

GoBrut virus infects Windows and Linux machines using ‘Brute Force’ method.

What Is Brute Force Infection?

A brute force attack is also known as brute force cracking. It involves a computer machine that tries different combinations of usernames and passwords until it finds the correct combination to unlock the victim machine or network.

There are different types of brute force attacks that can be used by GoBrut virus. Some common types are:

  • Dictionary Attack: The attacker uses a dictionary of possible passwords to guess the right password.
  • Exhaustive Key Search: The computer tries every possible combination of characters to find the correct password. The new computers can brute force crack an 8 character alphanumeric password (including capitals, lowercase letters, numbers, and special characters) in about two hours.
  • Credential Recycling: In this type of attack, the attackers use the leaked usernames and passwords from other data breaches.

The virus is mainly used to target servers running Content Management Systems (CMS) and technologies such as SSH and MySQL. Here is a list of commonly targeted platforms:

Content Management Systems

  • Bitrix
  • Drupal
  • Joomla
  • Magento
  • WordPress
  • OpenCart

Databases

  • MySQL
  • Postgres

Administration Tools

  • SSH
  • FTP
  • cPanel
  • PhpMyAdmin
  • Webhostmanagement

After-Infection Process:

  • After successful infection, the infected system becomes a part of the GoBrut botnet. It now requests work from Command and Control server of the botnet.
  • Once the work is received, the infected host will now bruteforce other systems on the network (mentioned in the work request sent by botnet owner).
  • This allows lateral spread of GoBrut virus in the network.
  • After gaining access to a machine’s credentials, the attackers may steal confidential information, photos or other private data.

As the virus uses brute force techniques to steal password, the machines using low-security passwords are at higher risk of infection. Thus, simple ways to protect a system or network from GoBrut virus are:

  • Use of strong and reliable passwords.
  • Regular update of passwords after short intervals.
  • Avoid use of common passwords for different systems.
  • Apply access control for remote logins across all services.
  • Update all services and plugins regularly to combat vulnerabilities.

For more information on the GoBrut virus, contact Centex Technologies at (254) 213 – 4740.