GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems

March 28, 2018

Researchers have identified a new malware family, dubbed GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses.

The malware has been in the wild since June 2017 and exhibits a number of unique characteristics, such as being written in the Go (Golang) programming language, avoiding military targets and tailoring malware binaries for each target, according to Cisco Talos, which first identified the malware and posted research about it on Monday.

Researchers said the initial infection vector for GoScanSSH malware is brute-force attacks against publicly accessible SSH servers that allow password-based SSH authentication.

Read More on Threat Post