all InfoSec news
GobRAT malware written in Go language targeting Linux routers
Malware Analysis, News and Indicators - Latest topics malware.news
JPCERT/CC has confirmed attacks that infected routers in Japan with malware around February 2023. This blog article explains the details of the attack confirmed by JPCERT/CC and GobRAT malware, which was used in the attack.
Attack flow up to malware execution
Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT. Figure 1 shows the flow of the attack until GobRAT infects the router.
article attack attacks blog february flow japan language linux malware malware analysis router routers targeting webui