October 20, 2014

In brief: Google Go language used to write malware

(LiveHacking.Com) – Google Go, a compiled, concurrent programming language developed by Google, has been used for the first time to write malware. The language, which was initially released in 2009 and has been growing in popularity ever since, is a viable alternative to C or C++ and is good for writing low level and sever type software. This has now been proved in a way that maybe Google didn’t want. According to Symantec a malware has been found in the wild with components which are written in Go. The Trojan, known as Trojan.Encriyoko, attempts to encrypt various file formats on a compromised computer and so render them unusable.

The original sample Symantec acquired was called GalaxyNxRoot.exe, a dropper written in .NET which disguises itself as a rooting tool to trick users into installing it. When run GalaxyNxRoot.exe drops and launches two executable files, both written in Go: PPSAP.exe and adbtool.exe. The first is an information-stealing Trojan that collects system information such as current running processes, user name, MAC address, etc., and sends it to a server on the Internet. The second file downloads an encrypted file from a different remote location. This downloaded file is decryped and executed in a attempt to encrypt various files on the infected computer.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks