GoBot2

Posted: July 29, 2019

GoBot2 is an open-source backdoor Trojan that has already been employed in at least one large-scale attack that targeted users in South Korea. The variant of GoBot2 used in this campaign goes by the name GoBotKR, and it was used to create a massive botnet of infected computers that could be used to execute distributed denial-of-service (DDoS) attacks or mine for cryptocurrency. GoBot2 is a threat to be especially wary of because its source code is public, so any cybercriminal can use it to create their own variant of this backdoor Trojan.
 

GoBot2 is an Open-source Backdoor Written in Google Go

One of the notable things about the GoBot2 project is that it is written in Go, a programming language developed by Google. Go-based malware appears to be an increasingly frequent sight in the cybercrime field, but most high-profile threat actors continue to rely on more classic programming languages for the development of their hacking tools.
 
GoBot2 comes with many features that work out of the box. The backdoor Trojan provides the remote attacker with the ability to:

     
  • Control running processes.
  • Execute remote commands.
  • Run a keylogger.
  • Launch DDoS attacks.
  • Power off the computer.
  • Update GoBot2's instance, or terminate itself.
  • Load Web pages.
  • Download additional files and run them.

 
Apart from all these features, the GoBot2 backdoor can also collect information about the infected host, therefore providing the attacker with enough information to determine how they should proceed with the attack. The system fingerprint that the GoBot2 backdoor grabs contains the network configuration, username, operating system version, hardware details, installed applications, and installed antivirus software.
 

The Threat may Pose as a Legitimate Driver or Windows Service

Some of the GoBot2 backdoor Trojan instances that were detected in the wild attempted to disguise their malicious processes by using the names of legitimate Windows services, and audio or video drivers. In addition to this, the GoBot2 backdoor may also acquire persistence by creating an autorun registry key that points to the Trojan's malicious executable.
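
Both behaviours described above can be reviewed together by listing autorun values whose executable borrows the name of a Windows system binary but sits outside the system directories. The following Python is an added example, not GoBot2 code and not part of the original write-up; the registry export, value names, paths and the list of system binaries are constructed assumptions.

```python
import ntpath
import re

# Assumption: a short list of real Windows binaries that normally live only
# under System32/SysWOW64. Extend it from a clean baseline image.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe",
                   "audiodg.exe", "spoolsv.exe", "dwm.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64",
               r"%systemroot%\system32", r"%windir%\system32"}

# Constructed sample in the layout printed by `reg query` for a Run key.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Audio Service    REG_SZ    C:\Users\kim\AppData\Roaming\audiodg.exe
    Host    REG_EXPAND_SZ    %APPDATA%\svchost.exe -k netsvcs
    Spooler    REG_SZ    C:\Windows\System32\spoolsv.exe
"""

# Value lines are indented and use four spaces between name, type and data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def image_path(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, arguments follow
        return command[1:].split('"', 1)[0]
    match = re.match(r"(?i)^(.+?\.exe)\b", command)
    return match.group(1) if match else command.split(" ", 1)[0]


def suspicious_autoruns(reg_output):
    """Return (value name, image path) for autoruns that use a system
    binary's file name but point outside the Windows system directories."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                      # key header or blank line
        path = image_path(m.group("data"))
        directory, base = ntpath.split(path)
        if base.lower() in SYSTEM_BINARIES and directory.lower() not in SYSTEM_DIRS:
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE):
        print(f"review autorun {name!r}: {path}")
```

A hit is a lead for review rather than a verdict: confirm the file's signature and origin before treating it as malicious.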
 
Protecting your computer from the GoBot2 malware can be accomplished by using the services of an up-to-date and trustworthy antivirus application.
