Golang stealer malware: New in the market

A new cryptocurrency stealer has turned up written in Golang (Go), a programming language that is becoming well known among cybercriminals who write malware.

Let me tell you a little about Go. It is a programming language designed in 2007 at Google by Robert Griesemer, Rob Pike, and Ken Thompson. The main motive behind its design was to improve programming productivity.

Last year, Sofacy produced a new variant of the Zebrocy malware written in Go, creating a functionally similar Trojan for use in spear-phishing emails with an LNK shortcut attachment.

Researchers described the stealer as unsophisticated malware that is probably in its early stages of development, since its authors are still learning the language and experimenting with it. Additionally, the malware looks completely different under a debugger than malware compiled from languages like C and C++, which presents a brand new challenge because analysis requires looking for new patterns within the malware.

They also noted that, like many other applications written in Go, the malware’s code is large and its compiled binaries are sometimes huge, so the observed sample was packed with UPX to minimize its size.

Reporting on their test, the researchers wrote: “We can see that the browser’s cookie information is queried in search data related to on-line transactions such as credit card numbers, expiration dates, and personal information like names and email addresses.

“The paths to all the files which are being searched are stored as Base64 strings. The majority of them are associated with cryptocurrency wallets, however, we can additionally realize references to the Telegram messenger.”

The malware also queries data associated with credit card numbers, expiration dates, as well as personal information like names and email addresses.
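As an added example (not code from the researchers or from the original article), here is a static triage check in Python for the two traits described above: UPX packer markers and Base64-encoded file paths. The byte strings and path names are constructed for illustration; a packed file has to be unpacked first (for instance with `upx -d`) before its strings become visible.

```python
import base64
import re

# Runs of the base64 alphabet, at least 16 characters, with optional padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
# Section names and magic value the UPX packer leaves in a packed executable.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")

# Constructed inputs, not taken from a real sample.
PACKED_STUB = b"MZ\x90\x00UPX0" + b"\x00" * 4 + b"UPX1" + b"\x00" * 4 + b"UPX!"
CONSTRUCTED_PATHS = [
    r"\AppData\Roaming\ExampleWallet\wallet.dat",
    r"\AppData\Roaming\ExampleMessenger\data",
]
UNPACKED_BLOB = b"\x00".join(
    [b"runtime.main"]
    + [base64.b64encode(p.encode()) for p in CONSTRUCTED_PATHS]
    + [base64.b64encode(b"plain text, not a file path")]  # decoy, filtered out
)


def upx_markers(data: bytes) -> list[str]:
    """Return the UPX markers present in the file bytes."""
    return [m.decode() for m in UPX_MARKERS if m in data]


def decode_path_candidates(data: bytes) -> list[str]:
    """Decode base64 runs and keep the ones that look like file paths."""
    found = []
    for match in B64_RUN.finditer(data):
        run = match.group()
        if len(run) % 4:  # not a whole number of 4-character groups
            continue
        try:
            text = base64.b64decode(run, validate=True).decode("utf-8")
        except ValueError:  # invalid base64 or not UTF-8 text
            continue
        if text.isprintable() and ("\\" in text or "/" in text):
            found.append(text)
    return found


if __name__ == "__main__":
    print("packed stub markers:", upx_markers(PACKED_STUB))
    for path in decode_path_candidates(UNPACKED_BLOB):
        print("encoded path:", path)
```

Go stores strings back to back without terminators, so in a real binary a Base64 run can be fused with neighbouring text and may need to be split before it decodes.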

Thus, to maintain privacy, one needs to be aware of Go and of this malware.
