MALIKA KAROUM

March 30, 2023

What You Need To Know About Golang-Based Malware


by Malika Karoum / Friday, 05 March 2021 / Published in Malika Karoum Global News

Golang is becoming the programming language of choice for many malware developers. According to cybersecurity firm Intezer, there’s been an almost 2000 percent increase in the number of Go-based malware strains found in the wild since 2017.

The number of attacks using this type of malware is expected to increase in the next couple of years. What’s most alarming is that we’re seeing many threat actors who are targeting multiple operating systems with strains from a single Go codebase.

Here’s everything else you need to know about this emerging threat.

What Is Golang?

Go (a.k.a. Golang) is an open-source programming language that is still relatively new. It was developed by Robert Griesemer, Rob Pike, and Ken Thompson at Google in 2007, although it was only officially introduced to the public in 2009.

It was developed as an alternative to C++ and Java. The goal was to create something that is straightforward to work with and easy to read for developers.


Why Are Cybercriminals Using Golang?

There are thousands of Golang-based malware strains in the wild today. Both state-sponsored and non-state-sponsored hacking gangs have been using the language to produce a host of strains, including Remote Access Trojans (RATs), stealers, coin miners, and botnets, among many others.

What makes this type of malware extra potent is the way it can target Windows, macOS, and Linux using the same codebase. This means that a malware developer can write code once and then use this single codebase to compile binaries for multiple platforms. Because Go links its binaries statically, code a developer writes on Linux can be compiled to run on Mac or Windows.

What #Golang is most used for #programming #coding #code #dev #webdev #CodeNewbie #100DaysOfCode #69DaysOfCode #WomenWhoCode pic.twitter.com/Fv8v5v8Gd5

— kuka0len (@kuka0len) February 15, 2021

We’ve seen Go-based crypto miners that target both Windows and Linux machines, as well as multi-platform cryptocurrency stealers with trojan apps that run on macOS, Windows, and Linux devices.

Aside from this versatility, strains written in Go have proven to be very stealthy too.

Many have infiltrated systems without detection, mainly because malware written in Go is large. Because of static linking, Go binaries are larger than those produced by other languages, and many antivirus services are not equipped to scan files this bulky.

Moreover, it is harder for most antivirus products to find suspicious code in a Go binary, since such binaries look very different under a debugger from those written in more mainstream languages.

It doesn’t help that features of the language make Go binaries even harder to reverse engineer and analyze.

While many reverse engineering tools are well equipped to analyze binaries compiled from C or C++, Go-based binaries still present new challenges for reverse engineers. This has kept detection rates of Golang malware notably low.

Go-Based Malware Strains and Attack Vectors

Before 2019, malware written in Go may have been a rare sight, but in recent years there’s been a steady increase in nasty Go-based malware strains.

A malware researcher has found around 10,700 unique malware strains written in Go in the wild. The most prevalent of these are RATs and backdoors but in recent months we’ve also seen a great deal of insidious ransomware written in Go.

ElectroRAT

Operation #ElectroRAT

Already thousands of crypto wallets stolen. Extensive campaign includes written from scratch RAT hidden in trojanized applications.

Windows, Linux and macOS samples undetected in VirusTotal https://t.co/KyBqPhZ0jW pic.twitter.com/iba6GEZ67r

— Intezer (@IntezerLabs) January 5, 2021

One such info-stealer written in Golang is the extremely intrusive ElectroRAT. While there are many of these nasty info-stealers around, what makes this one more insidious is how it targets multiple operating systems.

The ElectroRAT campaign, discovered in December 2020, features cross-platform Go-based malware with an arsenal of vicious capabilities shared by its Linux, macOS, and Windows variants.

This malware is capable of keylogging, taking screenshots, uploading files from disks, downloading files, and executing commands, aside from its ultimate goal of draining cryptocurrency wallets.


The extensive campaign, which is believed to have remained undetected for a year, involved even more elaborate tactics.

These included creating a fake website and fake social media accounts, creating three separate trojan-infected apps related to cryptocurrency (each targeting Windows, Linux, and macOS), promoting the tainted apps on crypto and blockchain forums like Bitcoin Talk, and luring victims to the trojanized apps’ webpages.

Once a user downloads and then runs the app, a GUI opens while the malware infiltrates in the background.

RobbinHood

This sinister ransomware made headlines in 2019 after crippling the city of Baltimore’s computer systems.

The cybercriminals behind the Robbinhood strain demanded $76,000 to decrypt the files. The government’s systems were rendered offline and out of service for almost a month, and the city reportedly spent an initial $4.6 million to recover the data in the affected computers.

Damages due to loss of revenue may have cost the city more, up to $18 million according to other sources.

Originally coded in the Go programming language, the Robbinhood ransomware encrypted the victim’s data and then appended the .Robbinhood extension to the file names of compromised files. It then placed an executable file and a text file on the desktop. The text file was the ransom note with the attackers’ demands.

Zebrocy

#Apt28
Zebrocy’s Multilanguage Malware Salad https://t.co/uX2WxISvvl pic.twitter.com/4WPDCVDhNY

— blackorbird (@blackorbird) June 4, 2019

In 2020, malware operator Sofacy developed a Zebrocy variant that’s written in Go.

The strain masqueraded as a Microsoft Word document and was spread using COVID-19 phishing lures. It worked as a downloader that collected data from the infected host’s system and then uploaded this data onto the command-and-control server.


The Zebrocy arsenal, composed of droppers, backdoors, and downloaders, has been in use for many years. But its Go variant was only discovered in 2019.

It was developed by state-backed cybercrime groups and has previously targeted ministries of foreign affairs, embassies, and other government organizations.

More Golang Malware To Come In The Future

Go-based malware is rising in popularity, and Go is steadily becoming the go-to programming language for threat actors. Its ability to target multiple platforms and stay undetected for a long time makes it a serious threat worthy of attention.

That makes it worth highlighting that you need to take basic precautions against malware. Don’t click on any suspicious links or download attachments from emails or websites, even if they come from your family and friends (who may already be infected).

MUO – Feed
