Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot,
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator.
« On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor, » Socket researcher Kirill Boychenko
« On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor, » Socket researcher Kirill Boychenko
,
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator.
« On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor, » Socket researcher Kirill Boychenko
« On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor, » Socket researcher Kirill Boychenko
, ,
https://thehackernews.com/2025/08/malicious-go-module-poses-as-ssh-brute.html