CIO News Hubb

New GoTrim Botnet Attempting to Break into WordPress Sites’ Admin Accounts

by admin | December 14, 2022 | in Information Security

Dec 14, 2022 | Ravie Lakshmanan | Website Security / Linux

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems.

“This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ‘:::trim:::’ to split data communicated to and from the C2 server,” Fortinet FortiGuard Labs researchers Eduardo Altares, Joie Salvio, and Roy Tay said.

The active campaign, observed since September 2022, utilizes a bot network to perform distributed brute-force attacks in an attempt to log in to the targeted web server.


A successful break-in is followed by the operator installing a downloader PHP script in the newly compromised host that, in turn, is designed to deploy the “bot client” from a hard-coded URL, effectively adding the machine to the growing network.

In its present form, GoTrim does not have self-propagation capabilities of its own, nor can it distribute other malware or maintain persistence in the infected system.

The primary purpose of the malware is to receive further commands from an actor-controlled server that include conducting brute-force attacks against WordPress and OpenCart using credentials provided.

GoTrim can alternatively function in a server mode where it starts a server to listen for incoming requests sent by the threat actor through the command-and-control (C2) server. This, however, only occurs when the breached system is directly connected to the Internet.

Another key feature of the botnet malware is its ability to mimic legitimate requests from the Mozilla Firefox browser on 64-bit Windows to bypass anti-bot protections, in addition to solving CAPTCHA barriers present in WordPress sites.

“Although this malware is still a work in progress, the fact that it has a fully functional WordPress brute forcer combined with its anti-bot evasion techniques makes it a threat to watch for,” the researchers said.

“Brute-forcing campaigns are dangerous as they may lead to server compromise and malware deployment. To mitigate this risk, website administrators should ensure that user accounts (especially administrator accounts) use strong passwords.”
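
As an added example (not code from the Fortinet report or from this article), the sketch below shows how a defender can surface the distributed brute-forcing and browser mimicry described above: each source stays under a per-IP rate limit, so the check aggregates `wp-login.php` POSTs per time window instead. The combined log format, the thresholds, the IP addresses and the user-agent strings are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
                  r'[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def login_posts(lines):
    """Yield (time, ip, user_agent) for every POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"], m["ua"]

def distributed_bruteforce(lines, window_s=600, min_ips=5, per_ip_limit=5):
    """Flag fixed windows in which many sources each stay under the per-IP limit.

    Thresholds are assumptions to tune per site. Fixed windows can split a burst
    across a boundary; a sliding window closes that gap at more cost.
    """
    buckets = defaultdict(list)
    for ts, ip, ua in login_posts(lines):
        buckets[int(ts.timestamp()) // window_s].append((ip, ua))
    alerts = []
    for key in sorted(buckets):
        hits = buckets[key]
        per_ip = Counter(ip for ip, _ in hits)
        quiet = sorted(ip for ip, n in per_ip.items() if n <= per_ip_limit)
        if len(quiet) >= min_ips:
            ua, n = Counter(ua for _, ua in hits).most_common(1)[0]
            alerts.append({"window_start": key * window_s, "attempts": len(hits),
                           "sources": quiet, "top_ua": ua, "ua_share": n / len(hits)})
    return alerts

def sample_log():
    """Constructed log lines (documentation IP ranges, made-up user-agent versions)."""
    firefox = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0"
    fmt = '{ip} - - [14/Dec/2022:{t} +0000] "{req} HTTP/1.1" 200 4321 "-" "{ua}"'
    lines = [fmt.format(ip=f"203.0.113.{10 + i}", t=f"10:0{i}:{j * 20:02d}",
                        req="POST /wp-login.php", ua=firefox)
             for i in range(6) for j in range(2)]
    lines.append(fmt.format(ip="198.51.100.7", t="11:30:00", req="POST /wp-login.php",
                            ua="Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"))
    lines.append(fmt.format(ip="198.51.100.7", t="11:30:05", req="GET /wp-admin/", ua=firefox))
    return lines

if __name__ == "__main__":
    for alert in distributed_bruteforce(sample_log()):
        print(alert)
```

A Firefox-on-Windows user agent is not an indicator on its own, since real visitors send it too; the signal is many low-volume sources hitting the login endpoint in one window, with `ua_share` as supporting context.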

© 2022 CIO News Hubb All rights reserved.
