• A new Golang-based malware has been observed in attacks in the wild targeting cryptocurrency wallets.
• This strain is believed to be complex, posing a challenge for malware analysts.

These days, malware authors turn to every possible trick to come up with new threats. One good example is a new strain discovered by the security firm Malwarebytes. Reportedly, this malware is written in Golang/Go, a relatively new language compared to the programming languages typically used by malware authors.

It appears that this malware targets cryptocurrency wallets on infected systems, which is why the researchers named it Trojan.CryptoStealer.Go.

Scouts for sensitive information

Malwarebytes researchers, who conducted an extensive analysis of this malware, pointed out that it specifically gathers information on online activity.

The malware searches for data from web browsers under various file system paths. Because Go uses the Windows API to perform these searches, the researchers could detect the paths searched by the malware using tools like PIN tracers.

“We can see that the browser’s cookie database is queried in search data related to online transactions: credit card numbers, expiration dates, as well as personal data such as names and email addresses. The paths to all the files being searched are stored as base64 strings. Many of them are related to cryptocurrency wallets, but we can also find references to the Telegram messenger,” explained the researchers in a blog.
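Because the searched paths are stored as base64 strings, a static triage pass can recover them from a binary without running it. The sketch below is an added example, not code from Malwarebytes or from the original article; the function names, keyword lists and sample paths are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of the base64 alphabet, 16+ characters, with optional padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
# Decoded text is reported only if it resembles a Windows path fragment.
PATH_HINT = re.compile(r"[A-Za-z]:\\|%[A-Za-z]+%|\\[^\\]+\\")
# Categories come from the article; the keyword lists are assumptions.
CATEGORIES = {
    "browser": ("cookies", "login data", "web data", "chrome", "firefox"),
    "wallet": ("wallet", "electrum", "bitcoin", "ethereum"),
    "telegram": ("telegram",),
}

def decode_printable(run: bytes):
    """Decode one base64 run; return None unless it is printable ASCII."""
    body = run.rstrip(b"=")
    if len(body) % 4 == 1:  # no valid base64 string has this length
        return None
    try:
        raw = base64.b64decode(body + b"=" * (-len(body) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")

def classify(path: str):
    low = path.lower()
    return sorted(c for c, kws in CATEGORIES.items() if any(k in low for k in kws))

def find_encoded_paths(blob: bytes):
    """Return (offset, decoded_path, tags) for each base64-encoded path in blob."""
    decoded = ((m.start(), decode_printable(m.group())) for m in B64_RUN.finditer(blob))
    return [(off, t, classify(t)) for off, t in decoded if t and PATH_HINT.search(t)]

SAMPLE_PATHS = [  # constructed for this demo, not indicators from the real sample
    r"\AppData\Local\Google\Chrome\User Data\Default\Cookies",
    r"\AppData\Roaming\Electrum\wallets",
    r"\AppData\Roaming\Telegram Desktop\tdata",
]

def sample_blob() -> bytes:
    """Build a fake binary region: noise, encoded paths, and a decoy run."""
    encoded = b"\x00".join(base64.b64encode(p.encode()) for p in SAMPLE_PATHS)
    return b"\x7fnoise\x00runtime.gopanic\x00" + encoded + b"\x00ABCDEFGHIJKLMNOPQRSTUVWX"

if __name__ == "__main__":
    for offset, path, tags in find_encoded_paths(sample_blob()):
        print(f"0x{offset:04x}  {','.join(tags) or '-':9}  {path}")
```

Go stores string literals without NUL terminators, so in a real binary a base64 run can merge with a neighbouring literal; a run that then fails to decode to printable text is skipped rather than guessed at.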

The malware also looks for all TXT files on the Desktop and its sub-folders, which are then copied to a specific folder. Once this is done, all the copied files are zipped together and sent to the malware's Command & Control server.

Malware in early stage development

Although the malware is written in Golang, which in itself is unusual, experts say that it is simple to decode and lacks many advanced features. In addition, it is believed that the malware is still in its early stages of development.

Malware development in Go has lately enticed attackers because most security tools are not currently designed to detect and block malware written in relatively new languages like Go. Only time will tell if Go-based malware will just be a flash in the pan or become a rising threat.

Cyware Publisher
