Find notable cyber news and cases, enriched with sources, timelines, and signals.

Golang-random-ip-ssh-bruteforce SSH credential-theft module

Malware Activity
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

The golang-random-ip-ssh-bruteforce Go module is being identified as a malicious SSH credential-theft tool that scans random IPv4 addresses for exposed SSH services on TCP port 22 and steals successful logins. It uses a built-in username-password list, disables host key verification, and sends captured credentials to a Telegram bot. The activity matters because it turns unwitting operators’ infrastructure into a distributed brute-force platform while quietly exfiltrating access data.

Related Happenings

Telemetry.js credential stealer targeting Linux and macOS with public GitHub exfiltration

Malware Activity
H score52 First: 06.09.2025 17:11 Last: 06.09.2025 17:11 Sources 1

About this happening: The **telemetry.js** credential stealer is targeting **Linux and macOS** systems and trying to harvest **GitHub tokens**, **npm tokens**, **SSH keys**, **.env files**, and **crypt...

Timeline

  1. 24.08.2025 16:38 1 articles · 10mo ago

    Malicious Go module published on pkg.go[.]dev

    Untyped Phase

    The deceptive Go module golang-random-ip-ssh-bruteforce was published on pkg.go[.]dev on June 24, 2022 and linked to the GitHub account IllDieAnyway (G3TT), establishing a distribution point for the SSH brute-force credential-theft package.

    Show sources
  2. 24.08.2025 03:00 1 articles · 10mo ago

    Researchers disclose SSH credential theft behavior

    Technical Analysis Update

    Researchers disclosed that golang-random-ip-ssh-bruteforce scans random IPv4 addresses for exposed SSH services on TCP port 22, brute-forces logins with an embedded username-password list, disables host key verification with ssh.InsecureIgnoreHostKey, and exfiltrates successful credentials to the threat actor-controlled Telegram bot @sshZXC_bot and the handle @io_ping.

    Show sources