Google Go programming language used for creating destructive Trojan
Posted on 19.09.2012
When Google introduced its Go programming language in 2009, they surely didn't hope for it to be used for writing malware but, as these things go, it was a only a matter of time until it happened.


Symantec researchers have recently analyzed a piece of malware found in the wild that contains some components written in Go.

The malware is a Trojan dubbed "Encriyoko", which in this particular instance came disguised as a tool for rooting Android devices.

Once installed and executed on the victims' PC, the file in question (GalaxyNxRoot.exe) would drop two Go-based executables: an information-stealing Trojan and a downloading component.

The first aims at collecting information about the targeted computer and the processes running on it and sending that information to a remote server, while the second downloads an encrypted DLL file from another remote server.

When this DLL file is decrypted and loaded, it tries to encrypt all source code files, images and audio files, archives, documents and many other files. If it manages to do so, it saves them all into one file (vxsur.bin) in the Temp folder.

"Restoration of the encrypted files will be difficult, if not impossible," the researchers point out.

I assume they mean that when the user doesn't have the key to do it - if so, could it be that this Trojan is part of a ransomware attack? Or are the attackers' intentions simply to wreak havoc?






Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //