A botnet has appeared that has attempted to brute-force 1.5 million Remote Desktop Protocol (RDP) connections. Named after the Java class it uses, GoldBrute is scanning the internet for machines with RDP exposed and then attempts to gain access using weak or reused passwords.
Coming just after BlueKeep, the large remote code execution vulnerability that uses RDP in its attack, GoldBrute is suspected to be one of the greatest threats to Windows systems right now.
Infected systems will randomly start scanning IP addresses to find more hosts with exposed RDP servers, then report these back to the control server.