Cybersecurity researchers have uncovered a malicious Go module disguised as an SSH brute-force tool that secretly exfiltrates stolen credentials via Telegram. The malware targets weak SSH protections, collects login details, and relays them to threat actors using standard HTTPS traffic to avoid detection. #GoModule #TelegramBot
Key points
- The malicious Go module impersonates a brute-force SSH tool but secretly exfiltrates credentials.
- It scans random IPv4 addresses and attempts to brute-force SSH services with weak username-password pairs.
- The malware disables host key verification to accept any server connection, increasing its success rate.
- Stolen credentials are sent via a Telegram bot API to the threat actor, making detection more difficult.
- The threat actor behind the operation has a broader portfolio including IP scanners, parsers, and C2 botnets.
Read More: https://thehackernews.com/2025/08/malicious-go-module-poses-as-ssh-brute.html