ADVERTISEMENT

Hackers’ botnet is exploiting 1234 passwords to steal crypto

Hackers are hijacking tens of thousands of poorly secured servers to build a botnet that targets cryptocurrency wallets containing funds. More than 50,000 internet-facing servers with weak passwords may be vulnerable, according to research.

gobruteforcer

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jan 13, 2026 3 min read
GoBruteforcer attacks
Number of MySQL servers publicly reachable on the default port

Malware targets weak passwords

GoBruteforcer attacks
GoBruteforcer infection chain. Source: Check Point
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
ADVERTISEMENT

How does the malware work?

GoBruteforcer attacks
Sample credential lists delivered by GoBruteforcer C2 for brute-force tasks. Source: Check Point

Legacy systems pose a risk


ADVERTISEMENT