May 29, 2023 | Ravi Lakshmanan | Linux / Network Security

Linux routers in Japan have been targeted by a new Golang remote access trojan (RAT) dubbed GobRAT.

“Attackers first target routers with exposed WEBUI, possibly exploiting vulnerabilities to execute scripts and eventually infect GobRAT,” the JPCERT Coordination Center (JPCERT/CC) said in a report released today.

Once an Internet-facing router is compromised, a loader script is deployed that acts as a conduit for GobRAT delivery. This script evades detection by disguising itself as an Apache daemon process (apached) when launched.

The loader also disables the firewall, uses the cron job scheduler to establish persistence, and adds an SSH public key to the .ssh/authorized_keys file for remote access.
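A defender-side triage of the host artifacts described above (the apached process name, cron persistence, and added authorized_keys entries), as an added example rather than code from JPCERT/CC or this article. The ROOT argument, the allowlist file of approved key blobs, and the function names are assumptions, as is the premise that the cron entry references the apached name.

```shell
#!/bin/sh
# Added triage sketch, not JPCERT/CC tooling. ROOT is "/" on a live router or
# the mount point of an extracted image; the allowlist file is an assumption.

# Processes named "apached", the masquerade name reported in the article.
find_apached() {  # $1 = ROOT
    for comm in "$1"/proc/[0-9]*/comm; do
        [ -r "$comm" ] || continue
        if [ "$(cat "$comm")" = "apached" ]; then
            pid=${comm%/comm}; echo "PROC pid=${pid##*/} name=apached"
        fi
    done
}

# Active (non-comment) cron lines that reference apached.
find_cron_refs() {  # $1 = ROOT
    for f in "$1"/etc/crontab "$1"/etc/cron.d/* "$1"/var/spool/cron/* \
             "$1"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        rel=${f#"$1"}
        grep -v '^[[:space:]]*#' "$f" | grep 'apached' |
        while IFS= read -r line; do printf 'CRON %s: %s\n' "$rel" "$line"; done
    done
}

# authorized_keys entries whose base64 key blob is not in the allowlist file.
find_unknown_keys() {  # $1 = ROOT, $2 = allowlist file (one blob per line)
    for f in "$1"/root/.ssh/authorized_keys "$1"/home/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        rel=${f#"$1"}
        # The blob follows the key-type field; login options may precede it.
        awk 'NF && $1 !~ /^#/ { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-(ssh|ecdsa)-)/) {
                print $(i + 1); break } }' "$f" |
        while IFS= read -r blob; do
            grep -qxF -- "$blob" "$2" || printf 'KEY %s: %s\n' "$rel" "$blob"
        done
    done
}

# Print all findings; return 1 if there were any, 0 if the tree looks clean.
triage() {  # $1 = ROOT, $2 = allowlist file
    out=$(find_apached "$1"; find_cron_refs "$1"; find_unknown_keys "$1" "$2")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

if [ $# -eq 2 ]; then triage "$1" "$2"; fi
```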

GobRAT uses the Transport Layer Security (TLS) protocol to receive and execute up to 22 different encrypted commands.

Some of the key commands are:

  • Get machine information
  • Run a reverse shell
  • Read/write files
  • Configure new command-and-control (C2) and protocols
  • Start SOCKS5 proxy
  • Run files in /zone/FRPC, and
  • Try to log in to sshd, Telnet, Redis, MySQL, PostgreSQL services running on another machine.

The findings come nearly three months after Lumen Black Lotus Labs revealed that business-grade routers in Latin America, Europe and North America were being spied on using malware called HiatusRAT.


Copyright ©️ All rights reserved. | Blue Training Academy Blog