GoBrut Botnet

Posted: April 6, 2019

The GoBrut Botnet is a network of Trojans that compromise systems to carry out a configurable variety of tasks, which its attacker designates through active projects. Although much of its payload is flexibly configurable, the GoBrut Botnet emphasizes brute-forcing its way through logins, thereby granting a threat actor access to passwords and other credentials. Users should update their server platforms and use strong login security for protection, while letting their anti-malware software remove the GoBrut Botnet's bots as needed.

These Trojans Go Brutal on Your Passwords

An early-2019 Trojan network of 'enslaved' servers and other hardware is proving itself especially adept at breaking through logins by blunt, but effective, force. Threat actors may reconfigure the GoBrut Botnet for various purposes and criminal activities, but its default features emphasize brute-force techniques to a level that surpasses many of its competitors. Cyber-security researchers are also catching a brand-new variant of the still-young GoBrut Botnet's bots, which provides its campaigns with more horsepower by compromising different OSes.

The 'primary' build of the GoBrut Botnet's Trojan bot is Windows-compatible and can spread through two different brute-force attacks: one that compromises logins for Magento CMS targets, and one for phpMyAdmin targets. Host statistics provided by researchers further imply that the GoBrut Botnet's campaign makes use of software vulnerabilities that eliminate some of the guesswork involved, such as by using SSH exploits for uncovering the account's login name. While malware experts find these exploits generally relevant to many websites, the GoBrut Botnet is finding notable success in compromising WordPress blogs.

Although the GoBrut Botnet has achieved thousands of unique bots in a short time, the purpose for which it's driving its network is questionable. Some attacks deploy JavaScript 'skimmer' Trojans that take advantage of the GoBrut Botnet's distribution capabilities, through which they gain access to new sites for collecting the traffic's transaction information. However, the bot could download and run other threats besides JavaScript skimmers, running the gamut from rootkits and spyware to digital extortionists like the Teeny Ransomware.

Don't Go Soft against Brute-Force Trojans

The GoBrut Botnet is an elementary lesson in the risks of not taking proper care of your passwords, account names, and other login and security-related details. A majority of victims could prevent its bots from gaining a foothold by strengthening their passwords and account names. Updating server software appropriately also removes some of the exploits that the GoBrut Botnet's threat actors are abusing, along with those of competing Trojans.

Besides its Windows builds, the GoBrut Botnet supports a Unix-based ELF variant, which endangers a greater range of Web servers than previously. Site admins using CMSes like Joomla, Drupal, and OpenCart, MySQL databases, and utilities as common as FTP and Web host management are equally at risk as those running the previously noted WordPress and phpMyAdmin. To uninstall the GoBrut Botnet's bots, most users should have automated anti-malware services scan the affected system, especially since any Trojan may drop additional threats.
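Because a botnet spreads its guesses across many bots, login brute-forcing shows up in a server's access log in two ways: one source hammering a login page, or many sources each trying it a few times. The following is an added example, not part of the original article and not a GoBrut signature; it flags both patterns for the WordPress, phpMyAdmin and Magento logins named above. The login paths, thresholds and sample log lines are assumptions to adapt to your own install, and log lines are expected in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed default login paths for platforms the article names; adjust to your site.
LOGIN_PATHS = {
    "wordpress": re.compile(r"^/wp-login\.php"),
    "phpmyadmin": re.compile(r"^/phpmyadmin/index\.php", re.I),
    "magento": re.compile(r"^/(index\.php/)?admin(/|$)"),
}
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')  # common/combined log format

def parse(line):
    """Return (timestamp, source_ip, app) for a POST to a login path, else None."""
    m = LINE.match(line)
    if not m or m.group(3) != "POST":
        return None
    ip, ts, _, path = m.groups()
    for app, rx in LOGIN_PATHS.items():
        if rx.match(path):
            return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, app
    return None

def detect(lines, window=timedelta(minutes=5), per_ip=5, distinct_ips=4):
    """noisy: (ip, app) pairs with >= per_ip login POSTs inside the window.
    distributed: apps whose login saw >= distinct_ips sources inside the window."""
    by_ip, by_app = defaultdict(deque), defaultdict(deque)
    noisy, distributed = set(), set()
    for ts, ip, app in filter(None, map(parse, lines)):
        q = by_ip[(ip, app)]
        q.append(ts)
        a = by_app[app]
        a.append((ts, ip))
        while ts - q[0] > window:        # drop attempts older than the window
            q.popleft()
        while ts - a[0][0] > window:
            a.popleft()
        if len(q) >= per_ip:
            noisy.add((ip, app))
        if len({src for _, src in a}) >= distinct_ips:
            distributed.add(app)
    return noisy, distributed

def sample_log():
    """Constructed sample lines using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [06/Apr/2019:10:{m:02d}:{s:02d} +0000] "{meth} {path} HTTP/1.1" 200 512'
    rows = [fmt.format(ip="192.0.2.10", m=0, s=i * 5, meth="POST", path="/wp-login.php") for i in range(6)]
    rows += [fmt.format(ip=f"198.51.100.{i}", m=1, s=i, meth="POST", path="/phpmyadmin/index.php") for i in range(1, 5)]
    rows.append(fmt.format(ip="203.0.113.7", m=2, s=0, meth="GET", path="/wp-login.php"))
    return rows
```

Calling `detect(sample_log())` reports the single noisy WordPress source and the distributed phpMyAdmin pattern; the per-application check is the one that still fires when each bot stays under a per-IP rate limit.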

The GoBrut Botnet is experiencing what one could call explosively rapid growth, all thanks to users not securing their logins correctly. A little effort goes a long way when it comes to stopping even the most potent of Trojan networks.