Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named GoScanSSH, was written using the Go programming language. The attacker created unique malware binaries for each host that was infected with the malware. The malware was observed leveraging the Tor2Web proxy service in an attempt to make tracking the attacker-controlled infrastructure more difficult and resilient to takedowns. The infection vector leveraged by this malware was likely an SSH credential brute-force attack against a publicly accessible SSH server.”]
Source: https://blog.talosintelligence.com/2018/03/goscanssh-analysis.html