Golang-based Malware Trends Among Cyberattackers

Why Golang?

• The multi-variate language enables a single codebase to be compiled into all major operating systems such as Linux, Windows, and Mac.
• Also, because malware written in Golang is large in size, this lets threat actors go undetected as certain antivirus software cannot scan files that big.
• The language also has a rich library ecosystem that makes the process of creating quite smooth.

How widespread is the use in recent times? 

• Linux malware authors used the Ezuri crypter written in Golang to evade antivirus detection as part of their infiltration process into Windows and Linux environments. For the attackers, Ezuri worked both as a crypter and loader for ELF binaries.
• In early 2021, a new Golang-based RAT dubbed ElectroRAT was discovered targeting a variety of OS platforms with an aim to steal cryptocurrencies. The malware was distributed via fake domains, fake social media accounts, and trojanzied applications.
• The last week of December 2020 witnessed a new worm written in Golang aiming at Windows and Linux servers to run XMRig miner that mines Monero cryptocurrency.
• Similarly, in the early week of December 2020, researchers uncovered a new Golang variant of PlugX malware used by the TA416 threat actor group in an attack campaign against entities in the Vatican and Myanmar.

Bottom line