A new type of trojan called GobRAT infects Japanese Linux routers with malicious code.
The JPCERT Coordination Center (JPCERT/CC) warns that the trojan, which uses a loader script to gain remote access, masquerades as an Apache daemon process.
It can also disable firewalls, establish persistence, and register an SSH key in the .ssh/authorized_keys file for remote access.
GobRAT communicates with a remote server via the Transport Layer Security (TLS) protocol to receive 22 different encrypted commands for execution.
The report details how this trojan works.
An attacker compromises a web-exposed router, executes a few malicious scripts, and then infects it with the RAT.
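A defender-side triage sketch for two of the behaviours described above, the SSH key added to .ssh/authorized_keys and the process masquerading as an Apache daemon. This is an added example, not code from the JPCERT/CC report; it works on artefacts already collected from a router, and the trusted directories, the name prefixes, the function names and all sample data are assumptions made for illustration.

```python
import base64
import hashlib
import posixpath

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# Assumption: directories where this fleet's real Apache binary may live.
TRUSTED_DIRS = {"/usr/sbin", "/usr/bin"}

def fingerprint(blob_b64):
    """SHA256 fingerprint of a public-key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unknown_keys(authorized_keys_text, allowed):
    """Return (line_no, fingerprint or 'unparseable') for entries not in the allowlist."""
    findings = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Entries may begin with options, so locate the key-type field first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        try:
            if idx is None:
                raise ValueError("no key type field")
            fp = fingerprint(fields[idx + 1])
        except (ValueError, IndexError):  # binascii.Error subclasses ValueError
            findings.append((no, "unparseable"))
            continue
        if fp not in allowed:
            findings.append((no, fp))
    return findings

def masquerading(procs, trusted_dirs=TRUSTED_DIRS):
    """PIDs named like Apache whose binary is unlinked or outside trusted_dirs."""
    # Linux appends " (deleted)" to /proc/<pid>/exe when the binary was unlinked.
    return [pid for pid, comm, exe in procs
            if comm.lower().startswith(("apache", "httpd"))
            and (exe.endswith(" (deleted)") or posixpath.dirname(exe) not in trusted_dirs)]

# Constructed sample data (not real keys, hosts or indicators).
ADMIN_BLOB = base64.b64encode(b"constructed-admin-key").decode()
OTHER_BLOB = base64.b64encode(b"constructed-unknown-key").decode()
SAMPLE_KEYS = (f"# router admin\nssh-ed25519 {ADMIN_BLOB} admin@example\n"
               f"no-pty ssh-rsa {OTHER_BLOB} x\n"
               "ssh-rsa !!!bad\n")
SAMPLE_PROCS = [(412, "httpd", "/usr/sbin/httpd"), (977, "apache2", "/tmp/apache2"),
                (981, "apache2", "/usr/sbin/apache2 (deleted)"), (1, "init", "/sbin/init")]
```

Build the allowlist from the fingerprints of keys the administrators actually issued; any entry the function returns needs an owner before it is allowed to stay.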