Security News > 2022 > December > New GoTrim botnet brute forces WordPress site admin accounts
A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site.
The malware then connects to each site and attempts to brute-force the admin accounts using the inputted credentials.
If successful, GoTrim logs in on the breached site and reports the new infection to the command and control server, including a bot ID in the form of a newly generated MD5 hash.
To evade detection by the WordPress security team, GoTrim will not target sites hosted on Wordpress.com and instead only target self-hosted sites.
Finally, if the targeted WordPress site uses a CAPTCHA plugin to stop bots, the malware detects it and loads the corresponding solver.
To mitigate the GoTrim threat, WordPress site owners should use strong administrator account passwords that are hard to brute-force or use a 2FA plugin.