Google Go programming language used for creating destructive Trojan
Posted on 19.09.2012
When Google introduced its Go programming language in 2009, they surely didn't hope for it to be used for writing malware but, as these things go, it was a only a matter of time until it happened.


Symantec researchers have recently analyzed a piece of malware found in the wild that contains some components written in Go.

The malware is a Trojan dubbed "Encriyoko", which in this particular instance came disguised as a tool for rooting Android devices.

Once installed and executed on the victims' PC, the file in question (GalaxyNxRoot.exe) would drop two Go-based executables: an information-stealing Trojan and a downloading component.

The first aims at collecting information about the targeted computer and the processes running on it and sending that information to a remote server, while the second downloads an encrypted DLL file from another remote server.

When this DLL file is decrypted and loaded, it tries to encrypt all source code files, images and audio files, archives, documents and many other files. If it manages to do so, it saves them all into one file (vxsur.bin) in the Temp folder.

"Restoration of the encrypted files will be difficult, if not impossible," the researchers point out.

I assume they mean that when the user doesn't have the key to do it - if so, could it be that this Trojan is part of a ransomware attack? Or are the attackers' intentions simply to wreak havoc?






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //