Updated on 2022-12-13
Fortinet said it recently linked a Go-based CMS scanner and brute-forcing tool to a new botnet named GoTrim. According to the company, this new botnet appears to have been created around September 2022 and is mostly comprised of hacked WordPress sites, although evidence suggests GoTrim can also infect Joomla, OpenCart, and DataLife-based websites as well.
Overview
FortiGuard Labs identified a previously unseen CMS scanner and brute forcer, dubbed GoTrim, installed in infected WordPress sites. The campaign is still ongoing. Read more: GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites