GoLang the new Malware Language?

Tapendra Dev
Jul 24, 2020

It is often said that old is gold, but how well this holds for the most popular programming language compared with its counterparts is debatable. Python, which has been around since 1991, gained prominence only in the last five years, mainly due to the ease with which the language can be used. However, the simplicity of the language may be challenged by other programming languages such as Google’s Go, or GoLang.

A Little Background

GoLang is an open-source programming language that was created by Google in 2009. The founders of the language were Rob Pike, Robert Griesemer, and Ken Thompson.

Many developers claim that GoLang is much easier and simpler than Python in many respects. GoLang is a compiled language, and a program can be compiled into a single binary: it is capable of statically linking its dependency libraries into a single binary file. Thus, instead of downloading dependencies on the server, the simple task of uploading a compiled file will enable the app to function. Moreover, GoLang stores a myriad of tools, which means the task of searching for third-party libraries is eliminated.

GoLang also contains a state-of-the-art integrated development environment with advanced debugging tools and plugins, thus ensuring that the speed of programming remains unhindered. Its clear syntax, without unnecessary components, allows developers to focus on development rather than language structure, which is an added advantage. It prevents tripwire-like detection because fewer payloads are required, and it allows an entire payload to be contained in a single executable.

The GoLang and Malware Combination

The malware development community has been making use of GoLang in recent times, and the rate of use has been steadily on the rise. Malware developers use GoLang for several reasons. First, the language enables a single codebase to be compiled for all major operating systems. In other words, due to static linking, code written in GoLang on a Linux system can run on Windows or a Mac. This has proved especially useful for platforms such as Docker and Kubernetes. Infiltrating systems without being detected is simpler because malware written in this language is large in size and certain antivirus software is incapable of scanning large files. Its rich library ecosystem smooths the process of malware creation. While GoLang can be decompiled like Python or any other language, its automatic compilation makes it difficult for researchers to analyze and pick apart.
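For defenders, the single-binary, multi-platform output described above can be triaged before deeper analysis. The following is an added example, not code from the original article: it classifies a file as ELF, PE or Mach-O from its leading bytes, checks for the build-info marker that the Go toolchain embeds, and reports the size. The names `Triage` and `Inspect` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// Marker the Go linker writes at the start of the embedded build-info blob
// (Go 1.13 and later); `go version <file>` searches for the same bytes.
var goBuildInfoMagic = []byte("\xff Go buildinf:")

// Triage is the result of inspecting one file's bytes (hypothetical type).
type Triage struct {
	Format   string  // "ELF", "PE", "Mach-O" or "unknown"
	GoMarker bool    // build-info marker present
	SizeMiB  float64 // size, relevant where scanners skip large files
}

// containerFormat classifies the executable format from its leading bytes.
func containerFormat(b []byte) string {
	switch {
	case bytes.HasPrefix(b, []byte("\x7fELF")):
		return "ELF" // Linux
	case bytes.HasPrefix(b, []byte("MZ")):
		return "PE" // Windows
	case bytes.HasPrefix(b, []byte{0xcf, 0xfa, 0xed, 0xfe}):
		return "Mach-O" // 64-bit little-endian macOS
	}
	return "unknown"
}

// Inspect reports format, size and whether the Go marker is present.
// A missing marker proves nothing: packed or altered files will not show it.
func Inspect(b []byte) Triage {
	return Triage{
		Format:   containerFormat(b),
		GoMarker: bytes.Contains(b, goBuildInfoMagic),
		SizeMiB:  float64(len(b)) / (1 << 20),
	}
}

func main() {
	// Constructed sample: an ELF header prefix, padding, then the marker.
	sample := append([]byte("\x7fELF"), make([]byte, 4096)...)
	sample = append(sample, goBuildInfoMagic...)
	fmt.Printf("%+v\n", Inspect(sample))
}
```

A positive result only says the file was built with the Go toolchain, which is equally true of much legitimate software; it is a routing signal for analysis, not a verdict.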

Some Examples

A Trojan targeting e-commerce sites was found to be written in GoLang in February 2019. Another instance was the crypto mining campaign uncovered in July 2019, in which GoLang malware was revealed targeting Linux-based servers. South Korea faced a similar attack by the GoBotKR malware, which spread through torrent sites and allowed attackers to control infected systems remotely. In September 2019, threat group FancyBear returned with a payload that was rewritten in GoLang and introduced a new Golang backdoor.

The Glupteba malware was discovered to be using GoLang by Cybereason Nocturnus Team cybersecurity experts and has been outfitted with a cryptocurrency miner.

Is Golang the future?

According to GitHub 2.0, Python and Go were identified among the top five languages of 2019. In July 2019, researchers confirmed nearly 10,700 samples of malware that were written in GoLang. The Google-created language is gaining popularity and prominence among hackers and the malware development community and may overtake the use of Python.

Tapendra Dev

Founder & CEO of Secure Blink — Heuristic AppSec Management Platform | Cybersecurity Researcher | Serial Entrepreneur