Go-ing Rogue: Malicious SSH Brute-Force Tool Secretly Swipes Credentials!
The malicious Go module “golang-random-ip-ssh-bruteforce” fools users into thinking it’s a brute-force tool, while it sneakily sends stolen credentials to its creator via a Telegram bot. It scans random IPv4 addresses for SSH services and disables host key verification, making it as trustworthy as a cat guarding a fish market.

Hot Take:
Imagine thinking you’re downloading a handy tool to brute-force SSH connections—only to find out that you’re actually just handing over free credentials to some nefarious threat actor’s Telegram bot. Talk about a bait-and-switch! It’s like ordering a high-tech security system and getting a cardboard cutout of a guard dog instead. Maybe next time, read the fine print, or in this case, the code. That way, you won’t be the unwitting Santa Claus delivering gifts to cybercriminals one SSH login at a time!

Key Points:
– A Go module masquerading as an SSH brute-force tool is secretly snatching credentials.
– It sends successful login details to a Telegram bot under the control of the attacker.
– The package, still available on pkg.go[.]dev, was published over a year ago.
– It disables host key verification to accept connections from any server.
– The threat actor is likely of Russian origin and has a knack for creating other dubious tools.
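
For anyone taking the "read the code" advice literally, here is an added example (not code from the module or from the original post) that parses a Go source file and flags the two traits listed above: SSH host key verification switched off and a hard-coded Telegram Bot API endpoint. It assumes the check is disabled through `ssh.InsecureIgnoreHostKey()`, which the post does not confirm; the sample source, the `AuditSource` function and the rule names are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Finding is one suspicious construct and the source line it starts on.
type Finding struct{ Line int; Rule string }

// Constructed sample, not the module's real code: it only reproduces the two
// traits the write-up names (no host key check, Telegram Bot API endpoint).
const sampleSrc = `package sample
import "golang.org/x/crypto/ssh"
const notify = "https://api.telegram.org/bot<PLACEHOLDER>/sendMessage"
var cfg = &ssh.ClientConfig{HostKeyCallback: ssh.InsecureIgnoreHostKey()}
`

// AuditSource parses src (no build or network access needed) and reports
// calls that disable host key checks and literals naming the Telegram Bot API.
func AuditSource(name, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, name, src, 0)
	if err != nil {
		return nil, err
	}
	var out []Finding
	ast.Inspect(file, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.CallExpr: // any x.InsecureIgnoreHostKey() call, whatever the import alias
			if sel, ok := v.Fun.(*ast.SelectorExpr); ok && sel.Sel.Name == "InsecureIgnoreHostKey" {
				out = append(out, Finding{fset.Position(v.Pos()).Line, "ssh-host-key-check-disabled"})
			}
		case *ast.BasicLit: // string literals only; v.Value still carries its quotes
			if v.Kind == token.STRING && strings.Contains(strings.ToLower(v.Value), "api.telegram.org/bot") {
				out = append(out, Finding{fset.Position(v.Pos()).Line, "telegram-bot-endpoint"})
			}
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(AuditSource("sample.go", sampleSrc))
}
```

A custom `HostKeyCallback` that simply returns `nil`, or an endpoint assembled from string fragments at run time, would slip past these two rules, so treat a clean result as a first pass rather than a verdict.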