Last Updated on 22/11/2021 by Sunaina
Threats based on Golang are on the rise. This unusual language is increasingly being used by cybercriminals to further their financial and espionage goals. Golang’s adaptability allows threat actors to cross-compile the same codebase for all major operating systems, which is one of the key reasons for its emergence. In fact, this makes their job easier by allowing them to target various platforms without having to rewrite the malware for Windows, macOS, or Linux PCs.
According to CrowdStrike's findings, Golang-based malware grew by 80% between June and August. Cryptocurrency miners made up the largest share, accounting for 70% of all discovered malware. Password-stealing trojans and downloaders are among the other types of malware that use the language. Overall, researchers found that 91% of Golang malware variants are built to target Windows computers, with just 8% and 1% designed to target macOS and Linux systems, respectively.
There has also been an increase in the number of ransomware families built on Golang. GoGoogle, Ekans, eCh0raix, and Snatch are some of the most well-known ransomware families. DECAF, a new ransomware strain, has recently been added to the growing list. The ransomware, which was initially discovered in late September and is written in Go 1.17, appends the same file name extension to the files it encrypts.
In September, a new Go variant of the AnarchyGrabber password stealer was discovered that can steal victims' Discord login tokens. The strain is also capable of infecting the victim's Discord friends with further spyware. BotenaGo, a new botnet, is also under development. It currently contains exploits for 33 vulnerabilities that affect millions of routers, modems, and network-attached storage (NAS) devices. Because the botnet is written in Golang, it is more difficult to detect and decipher.
Malware built in Golang isn't a passing trend; it's here to stay. The programming language's flexibility means that malware developers can use it in any sort of infection. Organizations must take the necessary security precautions to resist such attacks, since bitcoin miners currently appear to attract the interest of threat actors.