April 18, 2021

What You Need To Know About Golang-Based Malware

by rudy deighton / Friday, 05 March 2021 / Published in Delta Media News

Golang is becoming the programming language of choice for many malware developers. According to cybersecurity firm Intezer, there’s been an almost 2000 percent increase in the number of Go-based malware strains found in the wild since 2017.

The number of attacks using this type of malware is expected to increase in the next couple of years. What’s most alarming is that we’re seeing many threat actors who are targeting multiple operating systems with strains from a single Go codebase.

Here’s everything else you need to know about this emerging threat.

What Is Golang?

Go (a.k.a. Golang) is an open-source programming language that is still relatively new. It was developed by Robert Griesemer, Rob Pike, and Ken Thompson at Google in 2007, although it was only officially introduced to the public in 2009.

It was developed as an alternative to C++ and Java. The goal was to create something that is straightforward to work with and easy to read for developers.

Why Are Cybercriminals Using Golang?

There are thousands of Golang-based malware strains in the wild today. Both state-sponsored and non-state-sponsored hacking gangs have been using the language to produce a host of strains, including Remote Access Trojans (RATs), stealers, coin miners, and botnets, among many others.

What makes this type of malware extra potent is the way it can target Windows, macOS, and Linux using the same codebase. A malware developer can write code once and then use this single codebase to compile binaries for multiple platforms. Because Go cross-compiles and statically links its binaries, code written by a developer on Linux can be built to run on Mac or Windows.

What #Golang is most used for #programming #coding #code #dev #webdev #CodeNewbie #100DaysOfCode #69DaysOfCode #WomenWhoCode pic.twitter.com/Fv8v5v8Gd5

— kuka0len (@kuka0len) February 15, 2021

We’ve seen Go-based crypto miners that target both Windows and Linux machines, as well as multi-platform cryptocurrency stealers with trojan apps that run on macOS, Windows, and Linux devices.

Aside from this versatility, strains written in Go have proven to be very stealthy too.

Many have infiltrated systems without detection, mainly because malware written in Go is large. Because of static linking, Go binaries are relatively larger than those produced by other languages, and many antivirus products are not equipped to scan files this bulky.

Moreover, it is harder for most antivirus products to find suspicious code in a Go binary, since such binaries look much different under a debugger than those written in more mainstream languages.

It doesn’t help that features of this programming language make Go binaries even harder to reverse engineer and analyze.

While many reverse engineering tools are well equipped to analyze binaries compiled from C or C++, Go-based binaries still present new challenges for reverse engineers. This has kept detection rates of Golang malware notably low.
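As an added example (not from the original article): because one Go toolchain produces the Linux, macOS, and Windows builds, a triage script can flag a sample as Go-compiled from toolchain markers that do not depend on the executable format. The marker constants follow the Go linker's build-info header and build ID string; the function names are hypothetical and the sample byte strings are constructed for illustration.

```python
# Added example: flag Go-compiled executables by toolchain markers (defensive triage).
BUILDINFO_MAGIC = b"\xff Go buildinf:"    # start of the Go linker's 32-byte build-info header
BUILDID_PREFIX = b'\xff Go build ID: "'   # build ID string embedded by the Go toolchain
FORMATS = {b"\x7fELF": "ELF", b"MZ": "PE",
           b"\xcf\xfa\xed\xfe": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O"}

def container_format(data):
    """Name the executable container from its leading magic bytes."""
    for magic, name in FORMATS.items():
        if data.startswith(magic):
            return name
    return "unknown"

def _uvarint(buf, pos):
    """Decode a Go-style unsigned varint; return (value, next_position)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            break
        shift += 7
    return value, pos

def go_version(data):
    """Return the embedded Go version, or None if there is no build-info header."""
    i = data.find(BUILDINFO_MAGIC)
    if i < 0 or len(data) < i + 33:
        return None
    if not data[i + 15] & 0x2:            # flag bit 1 unset: older pointer-based layout
        return "unknown (pre-1.18 layout)"
    length, pos = _uvarint(data, i + 32)  # inline layout: varint length, then the string
    return data[pos:pos + length].decode("ascii", "replace")

def triage(data):
    """Summarise one sample: container format, Go markers, toolchain version."""
    is_go = BUILDINFO_MAGIC in data or BUILDID_PREFIX in data
    return {"format": container_format(data), "go": is_go, "go_version": go_version(data)}

def _constructed_sample(file_magic, version):
    """Constructed test input: file magic, padding, then an inline build-info block."""
    header = BUILDINFO_MAGIC + b"\x08\x02" + b"\x00" * 16   # ptrSize=8, inline-strings flag
    return file_magic + b"\x00" * 64 + header + bytes([len(version)]) + version + b"\x00"

SAMPLES = {"linux": _constructed_sample(b"\x7fELF", b"go1.20.1"),
           "windows": _constructed_sample(b"MZ", b"go1.20.1"),
           "macos": _constructed_sample(b"\xcf\xfa\xed\xfe", b"go1.20.1"),
           "not_go": b"MZ" + b"\x00" * 128}
```

Calling `triage(SAMPLES["windows"])` reports the same Go version as the Linux and macOS samples, which is the property that lets one rule cover all three builds of a single codebase.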

Go-Based Malware Strains and Attack Vectors

Before 2019, spotting malware written in Go may have been rare, but in recent years there’s been a steady increase in nasty Go-based malware strains.

A malware researcher has found around 10,700 unique malware strains written in Go in the wild. The most prevalent of these are RATs and backdoors but in recent months we’ve also seen a great deal of insidious ransomware written in Go.

ElectroRAT

Operation #ElectroRAT

Already thousands of crypto wallets stolen. Extensive campaign includes written from scratch RAT hidden in trojanized applications.

Windows, Linux and macOS samples undetected in VirusTotal https://t.co/KyBqPhZ0jW pic.twitter.com/iba6GEZ67r

— Intezer (@IntezerLabs) January 5, 2021

One such info-stealer written in Golang is the extremely intrusive ElectroRAT. While there are many of these nasty info-stealers around, what makes this one more insidious is how it targets multiple operating systems.

The ElectroRAT campaign, discovered in December 2020, features cross-platform Go-based malware that has an arsenal of vicious capabilities shared by its Linux, macOS, and Windows variants.

This malware is capable of keylogging, taking screenshots, uploading files from disks, downloading files, and executing commands, aside from its ultimate goal of draining cryptocurrency wallets.

The extensive campaign, which is believed to have remained undetected for a year, involved even more elaborate tactics.

These included creating a fake website and fake social media accounts, creating three separate trojan-infected apps related to cryptocurrency (each targeting Windows, Linux, and macOS), promoting the tainted apps on crypto and blockchain forums like Bitcoin Talk, and luring victims to the trojanized apps’ webpages.

Once a user downloads and then runs the app, a GUI opens while the malware infiltrates in the background.

RobbinHood

This sinister ransomware made headlines in 2019 after crippling the city of Baltimore’s computer systems.

The cybercriminals behind the Robbinhood strain demanded $76,000 to decrypt the files. The government’s systems were rendered offline and out of service for almost a month, and the city reportedly spent an initial $4.6 million to recover the data in the affected computers.

Damages due to loss of revenue may have cost the city more, up to $18 million according to other sources.

Originally coded in the Go programming language, the Robbinhood ransomware encrypted the victim’s data and then appended the .Robbinhood extension to the names of compromised files. It then placed an executable file and a text file on the desktop. The text file was the ransom note with the attackers’ demands.

Zebrocy

#Apt28
Zebrocy’s Multilanguage Malware Salad https://t.co/uX2WxISvvl pic.twitter.com/4WPDCVDhNY

— blackorbird (@blackorbird) June 4, 2019

In 2020, malware operator Sofacy developed a Zebrocy variant that’s written in Go.

The strain masqueraded as a Microsoft Word document and was spread using COVID-19 phishing lures. It worked as a downloader that collected data from the infected host’s system and then uploaded this data onto the command-and-control server.

The Zebrocy arsenal, composed of droppers, backdoors, and downloaders, has been in use for many years. But its Go variant was only discovered in 2019.

It was developed by state-backed cybercrime groups and has previously targeted ministries of foreign affairs, embassies, and other government organizations.

More Golang Malware To Come In The Future

Go-based malware is rising in popularity, and Go is steadily becoming the go-to programming language for threat actors. Its ability to target multiple platforms and stay undetected for a long time makes it a serious threat worthy of attention.

That makes it worth highlighting that you need to take basic precautions against malware. Don’t click on any suspicious links or download attachments from emails or websites, even if they come from your family and friends (who may already be infected).

MUO – Feed
