The Rise And Fall Of Golang Malware

Over the last five years there has been a marked influx of Golang-based malware In-The-Wild (ITW). The ease of writing malware-oriented code, helped by a steady stream of new libraries from developers around the globe that mimic ordinary software-development projects, has lowered the bar for Golang malware development and customization. From very basic information stealers and campaign-specific implants to ransomware and wipers, Golang has been warmly adopted by malware authors.

In this talk we will delve into the statistics of Golang-based malware, i.e. its rise, from a geographical angle, and into why it forced various anti-malware products and researchers to take a different route in dealing with it. We will look at the problems and havoc it caused through some well-known state-sponsored campaigns, ransomware groups and widespread malware campaigns that used Golang. We will also examine various "mistakes" made by these operators that helped malware researchers develop proactive measures against such implants.

We will then look collectively at some unique artefacts present in Golang-based malware which now enable early detection of it, i.e. the fall of Golang malware. We shall discuss how a few open-source code repositories that are heavily abused by Golang malware are themselves aiding malware researchers, keeping them a step ahead. Finally, the talk will delve into the "final pillars", Go-Obfuscator and Garble: how heavily they are abused, why they give Golang malware developers a false sense of a renewed rise, and why they will again be the sole reason for its fall in the near future.
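To make the "artefacts" concrete: a Go toolchain embeds build metadata (Go version, main module path, every dependency with its version, and build settings such as GOOS/GOARCH and VCS revision) in each binary it links, and this metadata survives ordinary stripping. The following is an added example, not Go-Peep and not code from the talk, showing how a triage script can pull that metadata with the standard library's debug/buildinfo package and match dependency paths against a caller-supplied watchlist of abused repositories. The watchlist entries in main() are hypothetical placeholders, not the repositories the talk covers; a Go binary with no readable build info is reported as such, because a missing record (as after obfuscation or a deliberately blanked buildinfo) is itself a triage signal.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

// GoArtifacts is the build metadata recovered from one Go binary.
type GoArtifacts struct {
	GoVersion  string            // toolchain that linked the sample, e.g. "go1.20.5"
	MainPkg    string            // main package path
	MainModule string            // module path from go.mod (often leaks a project/repo name)
	Deps       []string          // dependency modules as "path@version"
	Settings   map[string]string // build settings: GOOS, GOARCH, -ldflags, vcs.revision, ...
}

// ExtractGoArtifacts reads the embedded build info from a Go binary on disk.
// It works on ELF, PE and Mach-O files. A non-Go file, or a Go binary whose
// build info was removed, returns an error that callers should treat as a
// signal rather than as "nothing to see".
func ExtractGoArtifacts(path string) (*GoArtifacts, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("no Go build info in %s (not Go, or build info stripped/obfuscated): %w", path, err)
	}
	a := &GoArtifacts{
		GoVersion:  bi.GoVersion,
		MainPkg:    bi.Path,
		MainModule: bi.Main.Path,
		Settings:   map[string]string{},
	}
	for _, d := range bi.Deps {
		a.Deps = append(a.Deps, d.Path+"@"+d.Version)
	}
	for _, s := range bi.Settings {
		a.Settings[s.Key] = s.Value
	}
	return a, nil
}

// FlagWatchedModules returns every dependency whose module path starts with one
// of the watched prefixes. The watchlist is the caller's: this function does not
// know which repositories are abused, it only matches what it is given.
func FlagWatchedModules(a *GoArtifacts, watch []string) []string {
	var hits []string
	for _, dep := range a.Deps {
		for _, w := range watch {
			if strings.HasPrefix(dep, w) {
				hits = append(hits, dep)
				break
			}
		}
	}
	return hits
}

func main() {
	// Usage: go run . <sample>   (defaults to this program's own binary)
	path, _ := os.Executable()
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	a, err := ExtractGoArtifacts(path)
	if err != nil {
		fmt.Println("TRIAGE:", err)
		os.Exit(1)
	}
	fmt.Printf("go version: %s\nmain pkg:   %s\nmodule:     %s\n", a.GoVersion, a.MainPkg, a.MainModule)
	for k, v := range a.Settings {
		fmt.Printf("setting:    %s=%s\n", k, v)
	}
	for _, d := range a.Deps {
		fmt.Println("dep:       ", d)
	}
	// Hypothetical watchlist prefixes; substitute the repositories you actually track.
	watch := []string{"example.com/hypothetical/evasion", "example.com/hypothetical/loader"}
	for _, h := range FlagWatchedModules(a, watch) {
		fmt.Println("WATCHED:   ", h)
	}
}
```

Run it against any Go sample; the dependency list and vcs.revision setting are usually the fastest pivots to a public repository, and the main module path frequently names the operator's own project.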

We will also release a tool, "Go-Peep", which extracts the artefacts discussed in the talk and aims to help defenders triage and deal with Golang-based malware.

Subhajeet Singha – Quick Heal Technologies Limited

Subhajeet works as a Security Researcher in Security Labs at Quick Heal. His areas of focus are threat intelligence and research, along with reverse engineering to improve detection capabilities and to aid further research.