Golang-powered threats are exploding. Cybercriminals are increasingly adopting this uncommon language to pursue financial and espionage motives. One significant reason for the rise is Golang's versatility, which lets threat actors cross-compile the same codebase for all major operating systems. This spares them from rewriting the malware separately for Windows, macOS, and Linux, and allows them to target multiple platforms with little extra effort.

Crypto miners making the best use 

  • Research from CrowdStrike reveals that Golang-based malware increased by 80% between June and August. 
  • Cryptocurrency miners accounted for the largest share, at 70% of the total malware samples detected.
  • Besides cryptominers, other popular malware using the language includes password-stealing trojans and downloaders.
  • Overall, researchers indicate that 91% of the identified Golang malware samples are compiled to target Windows, with only 8% and 1% compiled to target macOS and Linux systems, respectively.

Golang ransomware also surges

  • There has also been a surge in the number of Golang-based ransomware families. 
  • Some of the known ransomware families are GoGoogle, Ekans, eCh0raix, and Snatch.  
  • The latest addition to the growing list is a new ransomware strain named DECAF. Written in Go 1.17, the malware was first spotted in late September and appends an extension of the same name to the files it encrypts.

A glance at other Golang-based malware threats

  • A new Go variant of the AnarchyGrabber password stealer, capable of stealing victims' Discord user tokens, was spotted in September. The variant can also spread additional malware to the victim's friends on Discord.
  • A new botnet identified as BotenaGo is also in the making. Currently, it includes exploits for 33 vulnerabilities affecting millions of routers, modems, and NAS devices. 
  • The botnet is written in Golang, which makes it harder to detect and reverse engineer. 

Final thoughts - Golang malware is here to stay

Golang-written malware is not a fad; it is here to stay. The versatility of the programming language shows that malware authors can use it for any type of malware. As cryptocurrency miners currently seem to pique the interest of threat actors, organizations must take the necessary security measures to thwart such attacks.

Cyware Publisher