GOLANG – Trojan That Uses Twitter as a C&C server

Botnet

GoAT (Golang Advanced Trojan) is a trojan made in Go, using Twitter as a the C&C server. GoAT has some very unique and impressive capabilities, including multi-threaded command execution and a sophisticated self defense rootkit module (written in C).

This tool  can be used during a penetration testing project or a security awareness session to demonstrate how hackers use social networks to promote their bots. the idea that hacker will install the Trojan on several systems next he will be sending instruction to remote system over twitter.

The configuration file contain account information to be used on twitter and the time to check status by default this is set to 5 seconds. so the infected machine will be checking if there is a new command each 5 seconds.

some of the future enhancements are:

  • Check for >1 running instance
  • Rootkit: Prevent use and installation of antimalware/antivirus software
  • Adding the following Commands:
    • DDoS
    • Send messagebox
    • Uninstall
    • Shutdown/Restart

You can download this tool over the following link: https://github.com/petercunha/GoAT

Share
  • Jason W

    Damn, that built-in rootkit is really cool. Thanks for sharing!