New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts
2022-12-14 14:12

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system to seize control of the targeted systems.

"This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers Eduardo Altares, Joie Salvio, and Roy Tay said.

The primary purpose of the malware is to receive further commands from an actor-controlled server, including instructions to conduct brute-force attacks against WordPress and OpenCart using the credentials provided.

GoTrim can alternatively function in a server mode where it starts a server to listen for incoming requests sent by the threat actor through the command-and-control server.

Another key feature of the botnet malware is its ability to mimic legitimate requests from the Mozilla Firefox browser on 64-bit Windows to bypass anti-bot protections, in addition to solving CAPTCHA barriers present in WordPress sites.

"Brute-forcing campaigns are dangerous as they may lead to server compromise and malware deployment. To mitigate this risk, website administrators should ensure that user accounts use strong passwords."
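
For defenders, the sketch below flags this kind of wp-login.php brute forcing in web server access logs by behaviour rather than by User-Agent, since the requests described above present a normal-looking Firefox header; it is an added example, not code from the article or from Fortinet's report. It assumes Combined Log Format and that a failed WordPress login returns 200 while a successful one redirects with 302; the thresholds, function names, IP addresses and user agent string are constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_login(line):
    """Return (timestamp, ip) for a failed wp-login.php POST, else None."""
    m = LINE.match(line)
    if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
        return None
    # Assumption: stock WordPress answers a bad password with 200 and a
    # good one with a 302 redirect; adjust if a plugin changes that.
    if m["status"] != "200":
        return None
    return datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect(lines, window=timedelta(minutes=5), per_ip=5, site_wide=8):
    """Sliding window over failures: flag single noisy sources, and bursts
    spread over several sources that stay under the per-source limit."""
    recent, noisy_ips, site_alerts = deque(), set(), []
    for hit in filter(None, map(failed_login, lines)):
        recent.append(hit)
        while hit[0] - recent[0][0] > window:
            recent.popleft()
        counts = Counter(ip for _, ip in recent)
        noisy_ips.update(ip for ip, n in counts.items() if n >= per_ip)
        if len(recent) >= site_wide and len(counts) > 1:
            site_alerts.append((hit[0], len(recent), len(counts)))
    return noisy_ips, site_alerts

# Constructed sample data: documentation IP ranges and a made-up
# Firefox-on-Win64 user agent, not indicators from the report.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"

def sample_log():
    fmt = '{} - - [14/Dec/2022:10:{:02d}:{:02d} +0000] "{} HTTP/1.1" {} 512 "-" "' + UA + '"'
    rows = [("192.0.2.10", 0, 0, "GET /wp-login.php", 200),    # page view
            ("192.0.2.10", 0, 5, "POST /wp-login.php", 302)]   # good login
    rows += [("198.51.100.7", 1, s, "POST /wp-login.php", 200) for s in range(0, 60, 10)]
    rows += [(f"203.0.113.{i}", 30, i, "POST /wp-login.php", 200) for i in range(1, 11)]
    return [fmt.format(*row) for row in rows]

if __name__ == "__main__":
    noisy, alerts = detect(sample_log())
    print("noisy sources:", sorted(noisy))
    print("site-wide bursts:", [(t.isoformat(), n, k) for t, n, k in alerts])
```

The site-wide counter matters for a botnet: ten sources with one failure each never trip the per-source limit, but together they do trip the aggregate one.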


News URL

https://thehackernews.com/2022/12/new-gotrim-botnet-attempting-to-break.html

Related vendor

Last 12M

| Vendor | #/Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| WordPress | 7 | 2 | 93 | 44 | 18 | 157 |