Go malware

Go malware: a type of malware used extensively by cyber criminals

Malware attacks are a commonly used attack strategy among cyber hackers. Technically skilled threat actors create their own malware with the characteristics they want. They mostly create a Trojan horse, a virus or a worm to perform an attack. The major motive behind a malware attack is to steal personal information such as login credentials, financial details and personally identifiable information. Some malware is designed to cause disruption in networks, whereas some is only meant to steal money from the target. Ransomware also falls under the category of malware.

According to the statistics, the discovery of new malware written in the Go language has increased by 2000% over the past few years. Security researchers have found thousands of malware strains written in the Go programming language. This has been reported since 2017.

In earlier days, hackers used C and C++ to write malware, but the trend is slowly changing and hackers are now employing the Go programming language. The Go language was launched by Google in 2007.

The first Go malware sighting occurred in 2012. At that time it was a difficult task to develop malware in Go. But with the available technology, cyber hackers developed it and caused widespread attacks.

Until 2019, Go malware was never on the cyber-crime scene, but after 2019 it became active in cyber-attacks and caused financial loss for many organizations.

Today the Go, or Golang, language is widely used by hackers to target financially stable and established companies.

Apart from these threat actors, Go programs are also employed by APT groups and by cyber security teams, who mainly use them to build penetration testing toolkits. In some cases, malware used by hackers is also used by national cyber security teams to study its characteristics and to prevent such attacks in the future.

The worldwide popularity of Go is due to three main reasons. First, the language supports easy cross-platform compilation. This allows malware authors to write the code once and build binaries for more than one platform from the same codebase. This helps threat actors take control over Windows, Linux and Mac systems by using the same code.

Second, Go binaries are difficult to analyse. Also, the reverse engineering method is not possible here. This gave hackers confidence, and they started to use this malware extensively to perform attacks, since these malicious programs cannot be detected easily.

The final reason is that Go is well suited to working with network packets and requests.

Malware usually suppresses, gathers, or sends and receives network packets all the time. Since Go provides all these tools in a single place, this is the main reason hackers favor it. Technically, it makes hacking easier.
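Because the same Go codebase can be built for Windows, Linux and Mac, a defender's first triage step is often just to establish that a sample was compiled with Go, whatever its container format. The following is an added example, not code from the original article: it looks for the build-info and build-ID markers that the Go toolchain embeds, and the sample bytes and function names are constructed for the demonstration.

```python
# Added example: static triage for Go-compiled binaries (not from the article).
BUILDINFO_MAGIC = b"\xff Go buildinf:"     # start of the 32-byte Go build-info header
BUILDID_MARKER = b'\xff Go build ID: "'    # build ID string embedded by the Go linker
FORMATS = [(b"\x7fELF", "ELF"), (b"MZ", "PE"),
           (b"\xcf\xfa\xed\xfe", "Mach-O"), (b"\xce\xfa\xed\xfe", "Mach-O")]

def read_varint_string(data, pos, max_len=64):
    """Decode a uvarint length followed by that many bytes (inline build-info string)."""
    length = shift = 0
    while pos < len(data) and shift <= 28:
        byte = data[pos]
        pos += 1
        length |= (byte & 0x7F) << shift
        if not byte & 0x80:
            if length > max_len or pos + length > len(data):
                return None            # implausible or truncated: do not guess
            return data[pos:pos + length].decode("utf-8", "replace")
        shift += 7
    return None

def triage(data):
    """Report container format, presence of Go markers, and toolchain version if readable."""
    fmt = next((name for magic, name in FORMATS if data.startswith(magic)), "unknown")
    result = {"format": fmt, "is_go": BUILDID_MARKER in data, "go_version": None}
    off = data.find(BUILDINFO_MAGIC)
    if off != -1 and off + 32 <= len(data):
        result["is_go"] = True
        if data[off + 15] & 0x2:       # flag bit set by Go 1.18+: strings stored inline
            result["go_version"] = read_varint_string(data, off + 32)
    return result

def make_sample(file_magic, go_version):
    """Constructed test bytes: file magic, padding, then a build-info header and version."""
    header = BUILDINFO_MAGIC + bytes([8, 0x2]) + b"\x00" * 16   # ptr size 8, inline flag
    version = go_version.encode()
    return file_magic + b"\x00" * 60 + header + bytes([len(version)]) + version

if __name__ == "__main__":
    for magic in (b"\x7fELF", b"MZ", b"\xcf\xfa\xed\xfe"):
        print(triage(make_sample(magic, "go1.20.4")))
    print(triage(b"\x7fELF" + b"\x00" * 128))   # constructed non-Go file
```

A match only says the file was built with Go, not that it is malicious, and a packed or scrubbed binary may carry neither marker.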

This malware sometimes operates as a botnet to target Linux and IoT devices. Based on the incidents so far, it has been found that it can also install crypto miners and hijack bitcoins.

Some prominent examples of Go-based malware include:

  • WellMess
  • Zebrocy
  • Go loader
  • Godlike 12

How to protect against malware attacks

  • Educate staff about malware attacks and how to identify them.
  • Use a strong and authentic security solution.
  • Secure your network. Install a firewall.
  • Conduct regular audits on websites.
  • Back up files regularly.

Malware attacks can come in different forms. But with proper prevention tactics and process management, we can tackle these attacks.
