Threats based on Golang are on the rise. This unusual language is increasingly being used by cybercriminals to further their financial and espionage motives. Golang’s versatility allows threat actors to cross-compile the same codebase for all major operating systems, which is one of the key reasons for its popularity. In fact, this makes their job easier by allowing them to target various platforms without having to rewrite the malware for Windows, macOS, or Linux systems.
Crypto Miners Using Golang-based Malware
According to research by CrowdStrike, Golang-based malware grew by 80 percent between June and August. Cryptocurrency miners made up the largest share, accounting for 70 percent of total malware samples detected.
Apart from cryptominers, password-stealing trojans and downloaders are among the other popular malware using the language.
Overall, researchers found that 91 percent of Golang malware samples are compiled to target Windows-based computers, with only 8 percent and 1 percent compiled to target macOS and Linux systems, respectively.
There has also been an increase in the number of ransomware families based on Golang. GoGoogle, Ekans, eCh0raix, and Snatch are some of the most well-known ransomware families.
DECAF, a new ransomware strain, has recently been added to the growing list. The malware, which was first discovered in late September and is written in Go 1.17, appends an extension with the same name to encrypted files.
Other Golang-based Malware
In September, a new Go variant of the AnarchyGrabber password stealer was discovered that could steal victims’ Discord user tokens. The malware strain can also infect the victim’s friends on Discord with additional malware.
BotenaGo, a new botnet, is currently being developed. At the moment, it has exploits for 33 vulnerabilities that affect millions of routers, modems, and NAS devices.
Since the botnet is written in Golang, it is more difficult to detect and reverse engineer.
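For triage across the three platforms mentioned above, the following added example (not from the original article or from CrowdStrike) classifies a file image by executable format and checks for Go toolchain markers. The function names and the sample byte strings are constructed for illustration, and the version string scan is a heuristic that stripped or obfuscated builds can defeat.

```python
import re

BUILDINFO_MAGIC = b"\xff Go buildinf:"  # header magic read by Go's debug/buildinfo
BUILDID_MARKER = b"Go build ID: "       # build ID prefix written by the Go toolchain
VERSION_RE = re.compile(rb"go1\.\d{1,3}(?:\.\d{1,3})?")
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}  # thin Mach-O only

def container(data):
    """Map the leading magic bytes to the executable format (target OS family)."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ":
        return "PE"
    if int.from_bytes(data[:4], "big") in MACHO_MAGICS:
        return "Mach-O"
    return "unknown"

def uvarint(buf, pos):
    """Decode a Go-style unsigned varint; (0, pos) if the buffer ends early."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    return 0, pos

def go_version(data):
    """Return (version, how_found); (None, None) when no version is visible."""
    off = data.find(BUILDINFO_MAGIC)
    if off >= 0 and len(data) > off + 32 and data[off + 15] & 2:
        # Flag 0x2: Go 1.18+ stores the version inline after the 32-byte header
        n, pos = uvarint(data, off + 32)
        version = data[pos:pos + n]
        if VERSION_RE.fullmatch(version):
            return version.decode(), "buildinfo"
    match = VERSION_RE.search(data)  # older toolchains: heuristic string scan
    return (match.group().decode(), "string-scan") if match else (None, None)

def triage(data):
    version, how = go_version(data)
    is_go = BUILDINFO_MAGIC in data or BUILDID_MARKER in data
    return {"format": container(data), "go": is_go, "version": version, "how": how}

# Constructed sample images (not real binaries): file magic, padding, Go markers
SAMPLE_ELF = b"\x7fELF" + b"\x00" * 60 + BUILDINFO_MAGIC + b"\x08\x02" + b"\x00" * 16 + b"\x08go1.20.5"
SAMPLE_PE = b"MZ" + b"\x00" * 62 + BUILDINFO_MAGIC + b"\x08\x00" + b"\x00" * 16 + b"\x00go1.17\x00"
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe" + b"\x00" * 64  # Mach-O magic with no Go markers
```

Calling `triage()` on the bytes of a quarantined file returns the same dictionary; a `string-scan` result should be treated as a hint to confirm with a proper build-info parser.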
Concluding Words
Malware written in Golang isn’t a passing trend; it’s here to stay. The programming language’s versatility proves that malware developers can accommodate it in any type of malware. Organizations must take necessary security precautions to prevent such attacks, since bitcoin miners currently appear to attract the interest of threat actors.