New GoTrim botnet brute-forces passwords of WordPress site administrators


    FortiGuard Labs researchers have uncovered a malicious campaign in which a new Golang-based botnet hacks WordPress sites to take control of targeted systems.

    The new brute force method is part of a campaign that analysts have named GoTrim because it was written in Go and uses the string ‘:::trim:::’ to separate data sent to and from the C&C server.

    The GoTrim campaign has been tracked since September 2022 and uses a bot network to carry out DDoS attacks when trying to log into the target web server. After a successful compromise, the operator installs a PHP loader script on the compromised host, which is designed to deploy a "client bot" from a hard-coded URL, adding the machine to the botnet.

    GoTrim is not capable of self-propagating, delivering other malware, or remaining persistent on an infected system. The main goals of GoTrim are:

    • receiving further commands from the C&C server;
    • conducting brute-force attacks on WordPress and OpenCart using a set of provided credentials;
    • operating in server mode, in which the malware launches a server to listen for incoming requests sent by the attacker (only if the compromised system is directly connected to the Internet);
    • imitating legitimate requests from Mozilla Firefox on a 64-bit version of Windows to bypass anti-bot protection;
    • bypassing CAPTCHA protection on WordPress sites.

    When multiple pieces of device information are sent to the C&C server, the fields are separated by the string ":::trim:::", hence the campaign name.

    “While this malware is still under development, the fact that it has a fully functional WordPress brute-force tool, combined with its bot evasion techniques, makes it very dangerous,” the researchers say.

    A successful brute-force attack can lead to compromise of the server and deployment of malware. To mitigate this risk, website administrators should ensure that user accounts (especially administrator accounts) use strong passwords.
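
    On the detection side, the sketch below is an added example (not code from the article or from FortiGuard Labs) that flags login brute forcing spread across many source hosts in a web server access log. It assumes combined log format, WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect, and illustrative thresholds; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: source IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (time, ip) per failed WordPress login: by default a failed POST to
    wp-login.php re-renders the form (200); a successful one redirects (302)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect_distributed_bruteforce(lines, window=timedelta(minutes=5),
                                  min_failures=6, min_sources=3):
    """Count failures per site and time window rather than per IP, because a
    botnet spreads guesses over many hosts. Thresholds are assumed values."""
    buckets = defaultdict(list)
    for ts, ip in failed_logins(lines):
        start = ts - timedelta(seconds=ts.timestamp() % window.total_seconds())
        buckets[start].append(ip)
    return [{"window_start": s, "failures": len(ips), "sources": sorted(set(ips))}
            for s, ips in sorted(buckets.items())
            if len(ips) >= min_failures and len(set(ips)) >= min_sources]

def _line(ip, hms, method, status):
    # Constructed log line with an ordinary Firefox/Win64 User-Agent (not keyed on).
    return (f'{ip} - - [14/Dec/2022:{hms} +0000] "{method} /wp-login.php HTTP/1.1" '
            f'{status} 4512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) '
            'Gecko/20100101 Firefox/107.0"')

# Constructed sample (documentation-range addresses), not data from the report.
SAMPLE = [_line(*row) for row in [
    ("198.51.100.7", "10:00:05", "POST", 200), ("203.0.113.9", "10:00:40", "POST", 200),
    ("192.0.2.44", "10:01:12", "POST", 200), ("198.51.100.7", "10:02:03", "POST", 200),
    ("203.0.113.21", "10:03:30", "POST", 200), ("192.0.2.44", "10:04:59", "POST", 200),
    ("192.0.2.80", "10:02:10", "GET", 200),    # login form fetch: ignored
    ("192.0.2.80", "10:02:20", "POST", 302),   # successful login: ignored
    ("192.0.2.80", "10:20:00", "POST", 200),   # lone failure: below threshold
]]

if __name__ == "__main__":
    for alert in detect_distributed_bruteforce(SAMPLE):
        print(alert)
```

    Because the bot presents a normal Firefox User-Agent, the check relies on login outcomes and source spread instead of the header value.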

    Author DeepWeb