The Rising Popularity of Golang-based Malware

Crypto miners making the best use 

• Research from CrowdStrike reveals that Golang-based malware increased by 80% between June and August. 
• Cryptocurrency miners earned the largest share, accounting for 70% of the total malware samples detected. 
• Besides cryptominers, other popular malware using the language includes password-stealing trojans and downloaders. 
• Overall, researchers indicate that 91% of the identified Golang malware samples are compiled to target Windows, with only 8% and 1% compiled to target macOS and Linux systems. 

Golang ransomware also surges

• There has also been a surge in the number of Golang-based ransomware families. 
• Some of the known ransomware families are GoGoogle, Ekans, eCh0raix, and Snatch.  
• Adding one more lately to the growing list is a new ransomware strain named DECAF. Written in Go 1.17, the malware was first spotted in late September and appends the encrypted files with extensions with the same name.   

A glance at other Golang-based malware threats

• A new Go-variant of AnarchyGrabber password stealers with the capability to steal victims’ Discord user token was spotted in September. The malware variant is also capable of spreading additional malware to other friends of the victim on Discord. 
• A new botnet identified as BotenaGo is also in the making. Currently, it includes exploits for 33 vulnerabilities affecting millions of routers, modems, and NAS devices. 
• The botnet is written in Golang, which makes it harder to detect and reverse engineer. 

Final thoughts - Golang malware is here to stay