THE Go Client trap targets the popular open-source remote access tool RustDesk, which was besieged in late January 2026 by an automated campaign orchestrated by a sprawling botnet. According to the report, the attack relies not on software vulnerabilities but on a flood of automated connection requests from a client named “Go Client,” prompting users to grant access by consent. Once a foothold is gained, the botnet executes scripted commands to deploy ancillary malware and establish persistence across systems.
The campaign is characterised by arbitrary solicitations from many IPs, automated reconnaissance to identify active RustDesk IDs, and opportunistic, non-targeted incursions that bypass passwords by exploiting user action alone. To defend against such incursions, the article advises reconfiguring the Accept protocol to require a password, enabling two-factor authentication or IP whitelisting, adopting self-hosting with restricted exposure, and leveraging advanced access controls available in professional editions.
Published on 3 February 2026, the piece emphasises vigilance and cautious handling of unfamiliar connection requests as essential countermeasures.