BleepingComputer reports that WordPress websites are being targeted by new GoTrim botnet malware in an ongoing campaign, which seeks to brute-force administrator passwords to facilitate site takeovers and further attacks.
GoTrim's botnet network has been fed with various target websites, which the malware connects to as it works to brute-force the sites' admin accounts using credentials that were also inputted to the botnet network, according to a Fortinet report.
After successfully infiltrating admin accounts, GoTrim proceeds to leverage PHP scripts to enable bot client retrieval before establishing a connection with the command-and-control server. Different encrypted commands sent to GoTrim include those for validating credentials against WordPress, Joomla!, Data Life Engine, and OpenCart domains, as well as identifying the installation of such instances on the domain, and ending the malware.
The report also showed that GoTrim has been bypassing detection by targeting self-hosted sites, instead of those hosted on WordPress.com, as well as spoofing Firefox on 64-bit Windows requests.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news