GoBruteforcer botnet exploits weak crypto infrastructure passwords and AI-based setups

On January 12, 2026, cybersecurity researchers detailed how the GoBruteforcer botnet compromises Linux servers used by cryptocurrency and blockchain projects through weak credentials and exposed services. The malware targets FTP, MySQL, PostgreSQL and phpMyAdmin to build a distributed network for brute-force password cracking and data theft. Investigations also found crypto-specific campaigns and blockchain reconnaissance, including scans of TRON addresses to identify funded wallets.