GoTrim botnet target WordPress sites

Share post:

Fortinet Researchers from FortiGuard Labs discovered GoTrim, a novel Go-based botnet that scans and brute-forces WordPress and OpenCart websites in order to facilitate site takeovers and other attacks.

Since September 2022, a bot network has been used to publish distributed brute-force attacks in a bid to obtain control of the targeted web server. The primary goal of the malware is to receive additional commands from an actor-controlled server, such as performing brute-force attacks against WordPress and OpenCart using a set of provided credentials.

After effectively penetrating admin accounts, GoTrim uses PHP scripts to allow bot client restoration before connecting to the command-and-control server. Among the encrypted instructions sent to GoTrim include those for verifying credentials against WordPress, Joomla!, Data Life Engine, and OpenCart domains, as well as classifying and terminating malware installations on the domain.

The malware employs a bot network to launch distributed brute force attacks on targeted websites. Each bot is given a long list of target websites as well as a set of credentials for brute-force attacks.

According to the researchers, the bot does not have any code for propagation or the deployment of other payloads, and PHP scripts download and execute GoTrim bot clients. Also, the attackers use compromised credentials to deploy PHP scripts that install the GoTrim botnet, and the bot does not maintain persistence in the infected system.

GoTrim has also avoided detection by spoofing Firefox on 64-bit Windows requests and targeting self-hosted sites rather than those hosted on WordPress.com.

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Voyageur support team restores half-century old system functions billions of miles away

Nearly half a century after its launch, NASA’s Voyager 1 spacecraft continues to defy the vastness of interstellar...

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google leader gives a tough message to employees

Google's search chief, Prabhakar Raghavan, delivered a powerful message to employees at a recent all-hands meeting: the tech...

Silicon Valley tech founder sentenced to prison for fraud

In a significant shake-up in Silicon Valley, Manish Lachwani, co-founder and former CEO of the mobile app-testing company...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways