By CagedTech in Malware

One of the newest programming languages quickly gaining popularity is Google's Go. As usual, malware developers are quick to jump on any new train that is picking up steam, and more and more threats written in Go are appearing. The language is useful to them because threats written in it can target both Windows and Linux systems. Several threats written in Go have already gained popularity: Hercules, Veil, and GoBot2. Recently, a new threat written in Go emerged. It is called the Golang Trojan and appears to target mainly systems running Linux. The goal of the Golang Trojan is to hijack the machine and use it to mine cryptocurrency, namely Monero.

Propagation Methods

The authors of the Golang Trojan are spreading it using several different propagation methods. They seem to be exploiting known vulnerabilities in applications such as ThinkPHP, Confluence, and Drupal. If other systems are connected to the same network, the Golang Trojan will attempt to infiltrate them too.

Halts Other Cryptomining Processes

When the Golang Trojan infiltrates a server, it scans it to detect whether any crypto-mining processes are already running. If it finds any, the Golang Trojan terminates them, so that all the processing power of the infiltrated system goes solely to its own mining. Ironically, the Golang Trojan will protect the compromised system from other cryptocurrency mining Trojans by blocking ports that are likely to be used by them.

If the user does not notice that anything fishy is going on, the Golang Trojan will likely slow down their system significantly and make it difficult to run any applications. Cryptocurrency mining Trojans like the Golang Trojan also reduce the lifespan of the hardware, as mining cryptocurrency causes the system to overheat.
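The three behaviours described in this section (terminating other processes, blocking ports, and sustained high CPU use) can be correlated per process as a detection heuristic. The following is an added example, not from the original article; the key=value event format, host names, paths, port, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry (hypothetical key=value format, not from the article).
SAMPLE_EVENTS = """\
ts=100 host=web01 type=kill pid=4312 exe=/tmp/sysupd target=miner-a
ts=101 host=web01 type=kill pid=4312 exe=/tmp/sysupd target=miner-b
ts=103 host=web01 type=fw_block pid=4312 exe=/tmp/sysupd port=3333
ts=160 host=web01 type=cpu pid=4312 exe=/tmp/sysupd pct=97
ts=220 host=web01 type=cpu pid=4312 exe=/tmp/sysupd pct=99
ts=100 host=db01 type=kill pid=900 exe=/usr/sbin/logrotate target=old-worker
ts=200 host=db01 type=cpu pid=2000 exe=/usr/bin/postgres pct=95
ts=260 host=db01 type=cpu pid=2000 exe=/usr/bin/postgres pct=96
"""

CPU_THRESHOLD = 90    # percent; assumed tuning value
MIN_CPU_SAMPLES = 2   # "sustained" means at least this many high samples


def parse(line):
    """Turn one key=value line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def find_miner_takeover(text):
    """Return (host, exe) pairs where one process shows all three behaviours."""
    seen = defaultdict(lambda: {"kill": 0, "fw_block": 0, "cpu": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        key = (ev["host"], ev["pid"], ev["exe"])
        if ev["type"] == "cpu":
            # Only count samples that are actually high.
            if int(ev["pct"]) >= CPU_THRESHOLD:
                seen[key]["cpu"] += 1
        elif ev["type"] in ("kill", "fw_block"):
            seen[key][ev["type"]] += 1
    return sorted(
        (host, exe)
        for (host, _pid, exe), c in seen.items()
        if c["kill"] and c["fw_block"] and c["cpu"] >= MIN_CPU_SAMPLES
    )


if __name__ == "__main__":
    for host, exe in find_miner_takeover(SAMPLE_EVENTS):
        print(f"ALERT {host}: {exe} killed processes, blocked ports, pins CPU")
```

Requiring all three signals from the same process keeps a busy database or a routine process cleanup on db01 from raising an alert on its own.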

It is crucial to keep all your software up to date, because threats like the Golang Trojan look for any vulnerabilities they can take advantage of to penetrate your system.

