December 14, 2022 | Ravie Lakshmanan | Website Security / Linux

A new Go-based botnet has been discovered scanning self-hosted websites that run the WordPress content management system (CMS), performing brute force attacks against them, and gaining control of the targeted systems.

“This new brute forcer is part of a new campaign we named GoTrim because it is written in Go and uses ‘:::trim:::’ to split the data going to and from the C2 server,” said Fortinet FortiGuard Labs researchers Eduardo Altares, Joy Salvio and Roy Tay.

The campaign, which has been active since September 2022, uses a network of bots to perform distributed brute force attacks that attempt to log into targeted web servers.


After a successful intrusion, the operator installs a downloader PHP script on the newly compromised host. This script is designed to deploy a “bot client” from a hardcoded URL, effectively adding more machines to the growing network.

In its current form, GoTrim has no self-propagating capabilities of its own, nor can it distribute other malware or maintain persistence on infected systems.

The malware's main purpose is to receive further commands from the attacker-controlled servers, including instructions to perform brute force attacks against WordPress and OpenCart installations using the provided credentials.

Alternatively, GoTrim can work in server mode, launching a server and listening for incoming requests sent by the attacker through a command-and-control (C2) server. This only happens, however, if the compromised system is directly connected to the Internet.

Another notable feature of the botnet malware, besides solving CAPTCHA barriers present on WordPress sites, is that it mimics legitimate requests from the Mozilla Firefox browser on 64-bit Windows in order to bypass anti-bot protections.
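Because the brute forcing is distributed across many bot clients that all present the same spoofed Firefox-on-Windows User-Agent, a per-IP failed-login threshold alone can miss it. The following detection sketch is an added example, not code from the article or from Fortinet: it parses constructed Apache-style access log lines (hypothetical 10.0.0.x and 192.0.2.x addresses) and flags both a single loud host and a spread-out cluster of hosts sharing one User-Agent. It assumes the WordPress login endpoint is /wp-login.php and that a failed login re-renders the form with HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (not from the article). FF mimics a Firefox on 64-bit Windows UA.
FF = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0"

def line(ip, method, path, status, ua=FF):
    return f'{ip} - - [14/Dec/2022:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

SAMPLE = "\n".join(
    [line("10.0.0.11", "POST", "/wp-login.php", 200)] * 6                          # one loud host
    + [line(f"10.0.0.{n}", "POST", "/wp-login.php", 200) for n in (21, 22, 23)]    # quiet, spread out
    + [line("10.0.0.23", "POST", "/wp-login.php", 200)]
    + [line("192.0.2.5", "POST", "/wp-login.php", 302, "Mozilla/5.0 (X11; Linux x86_64) Chrome/108")]  # real login
    + [line("192.0.2.6", "GET", "/wp-login.php", 200, "curl/7.85")]               # not a login attempt
)

def parse(log_line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LOG_RE.match(log_line)
    return m.groupdict() if m else None

def failed_logins(lines):
    """Yield parsed records that look like failed WordPress login attempts.
    Assumption: POST /wp-login.php answered with 200 means the form was re-shown (failure)."""
    for log_line in lines:
        r = parse(log_line)
        if r and r["method"] == "POST" and r["path"].startswith("/wp-login.php") and r["status"] == "200":
            yield r

def detect(log_text, per_ip_max=5, min_ips=3):
    """Flag hosts above a per-IP failure budget, and User-Agents shared by
    at least min_ips distinct hosts hammering the login form (distributed pattern)."""
    per_ip = defaultdict(int)
    ips_by_ua = defaultdict(set)
    for r in failed_logins(log_text.splitlines()):
        per_ip[r["ip"]] += 1
        ips_by_ua[r["ua"]].add(r["ip"])
    noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_max)
    distributed = {ua: sorted(ips) for ua, ips in ips_by_ua.items() if len(ips) >= min_ips}
    return {"noisy_ips": noisy, "distributed": distributed}

if __name__ == "__main__":
    print(detect(SAMPLE))
```

On the sample above, the three 10.0.0.2x hosts each stay under the per-IP budget and would only surface through the shared User-Agent grouping.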

“Although this malware is still in development, the fact that it combines a fully functional WordPress brute forcer with anti-bot evasion techniques is an alarming threat,” said the researchers.

“Brute force campaigns are dangerous because they can lead to server compromise and malware deployment. To mitigate this risk, website administrators should ensure that user accounts (especially administrator accounts) are using it.”


Copyright ©️ All rights reserved. | Blue Training Academy Blog