Tuesday, 31 March, 2026
Malicious Go Module Masquerading as SSH Brute-Force Tool Steals Login Credentials via Telegram
By Isha
Security researchers have uncovered a deceptive Go module named “golang-random-ip-ssh-bruteforce” that masquerades as an SSH brute-force scanner. Once a login succeeds, it stealthily sends the target IP, username, and password to a malicious Telegram bot. It bypasses host key checks, attempts high-concurrency brute-forcing using common credentials (e.g., root, admin, 12345678), and relays results to the attacker via Telegram—evading detection and exploiting unwitting operators.
Read full story at The Hacker News