
An Overview of the Recent Wave of Malware Written in GoLang


  • Malware written in the Go programming language has been steadily on the rise.
  • The language appears to offer attackers a number of benefits that help them slip into victims’ systems.

In July 2019, a security researcher found nearly 10,700 unique samples of malware written in the Go programming language, also known as GoLang.

Why GoLang?

Getting into target systems undetected is the goal of most malware, and GoLang seems to assist this goal with its features.

  • A single codebase written in this language can be compiled for all major operating systems.
  • Malware binaries written in GoLang are large. This lets them get into systems undetected, as certain antivirus software cannot scan files that big.
  • This language also has a rich library ecosystem that makes the process of creating malware quite smooth.
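From the defender's side, the first two points suggest a simple triage step: recognise Go-built files by markers the toolchain embeds, whatever the executable format, and flag the ones too large for a scanner to inspect. The following is an added example, not code from the article or from any vendor; the `Verdict` type, the `Triage` and `Sample` helpers, the size limit and the sample bytes are all constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Byte markers the Go toolchain embeds in binaries it links (heuristic:
// packing or deliberate scrubbing removes them).
var goMarkers = [][]byte{
	[]byte("\xff Go buildinf:"),    // build info header
	[]byte("\xff Go build ID: \""), // build ID prefix
}

// Verdict is a hypothetical triage record, not a format from the article.
type Verdict struct {
	Format    string // executable container, from leading magic bytes
	LooksGo   bool   // a Go toolchain marker was found
	OverLimit bool   // file exceeds the scanner's size limit
}

// Triage classifies a file image. scanLimit is an assumed scanner size cap.
func Triage(data []byte, scanLimit int) Verdict {
	v := Verdict{Format: "unknown", OverLimit: len(data) > scanLimit}
	switch {
	case bytes.HasPrefix(data, []byte("\x7fELF")):
		v.Format = "ELF"
	case bytes.HasPrefix(data, []byte("MZ")):
		v.Format = "PE"
	case bytes.HasPrefix(data, []byte{0xcf, 0xfa, 0xed, 0xfe}):
		v.Format = "Mach-O"
	}
	for _, m := range goMarkers {
		v.LooksGo = v.LooksGo || bytes.Contains(data, m)
	}
	return v
}

// Sample builds a constructed file image: magic, zero padding, then marker.
func Sample(magic, marker string, pad int) []byte {
	return append(append([]byte(magic), make([]byte, pad)...), marker...)
}

func main() {
	const limit = 32 // constructed limit, tiny so the samples exceed it
	fmt.Println(Triage(Sample("\x7fELF", "\xff Go buildinf:", 64), limit))
	fmt.Println(Triage(Sample("MZ", "\xff Go build ID: \"", 64), limit))
	fmt.Println(Triage(Sample("MZ", "plain", 8), limit))
}
```

A file that is both `LooksGo` and `OverLimit` is one that a size-limited scanner would skip, so it is a candidate for routing to a slower, full-file analysis queue.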

Recent instances of malware using GoLang

In February 2019, a Trojan malware written in GoLang was found to be targeting eCommerce sites using brute force attacks.

A ransomware called JCry infected various systems as a part of a coordinated cyber attack. In March 2019, several Israeli websites fell victim to the attack, called ‘#OpJerusalem’. JCry is written in GoLang.

In July 2019, researchers discovered a cryptomining campaign that delivered GoLang malware and targeted Linux-based servers.

South Korean users were affected by a campaign in July 2019 that spread malware called GoBotKR, written in GoLang. It spread via torrent sites and allowed attackers to control the infected system remotely.

Fancy Bear returned in September 2019 with a new campaign that was observed to have a few updates. These updates include the payload being rewritten in GoLang and the introduction of a new GoLang backdoor.

The bottom line

GoLang seems to be increasing in popularity among hackers who are developing malware for cybercrimes. Palo Alto Networks has provided the Indicators of Compromise (IOCs) based on their analysis for malware written in GoLang.
