"New Go-written GobRAT RAT targets Linux Routers in Japan"

GobRAT, a new Remote Access Trojan (RAT) written in the Go programming language, targets Linux routers in Japan, according to the JPCERT Coordination Center. To execute malicious scripts and deploy the GobRAT malware, threat actors are targeting Linux routers whose WEBUI is open to the public. The Loader Script serves as a loader, supporting multiple functions for downloading and deploying GobRAT. Researchers found an SSH public key, likely used as a backdoor, hard-coded in the script. The Loader Script uses crontab to maintain persistence because GobRAT itself does not support this function. According to researchers, the Loader Script has multiple functions, including disabling the firewall, downloading GobRAT for the target machine's architecture, creating the Start Script, and creating and executing the Daemon Script. The RAT communicates with the command-and-control (C2) server over TLS and can execute various commands. This article continues to discuss findings regarding GobRAT.

Security Affairs reports "New Go-written GobRAT RAT targets Linux Routers in Japan"

Submitted by Anonymous on